commit 77986895548c89079931cc9abeb3393232e14c60 Author: MSVSphere Packaging Team Date: Fri Oct 25 17:19:23 2024 +0300 import nss-3.101.0-7.el10 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0d4341b --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +SOURCES/blank-cert9.db +SOURCES/blank-key4.db +SOURCES/nss-3.101-with-nspr-4.35.tar.gz diff --git a/.nss.metadata b/.nss.metadata new file mode 100644 index 0000000..e662a02 --- /dev/null +++ b/.nss.metadata @@ -0,0 +1,3 @@ +b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db +f9c9568442386da370193474de1b25c3f68cdaf6 SOURCES/blank-key4.db +592ea337ee2504efb09a21a4593cc1f19e4477c2 SOURCES/nss-3.101-with-nspr-4.35.tar.gz diff --git a/SOURCES/cert9.db.xml b/SOURCES/cert9.db.xml new file mode 100644 index 0000000..815d3f9 --- /dev/null +++ b/SOURCES/cert9.db.xml @@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + cert9.db + 5 + + + + cert9.db + NSS certificate database + + + + Description + cert9.db is an NSS certificate database. + This certificate database is the sqlite-based shared database with support for concurrent access. + + + + + Files + /etc/pki/nssdb/cert9.db + + + + See also + pkcs11.txt(5) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/SOURCES/fips_algorithms.h b/SOURCES/fips_algorithms.h new file mode 100644 index 0000000..30f8688 --- /dev/null +++ b/SOURCES/fips_algorithms.h @@ -0,0 +1,188 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Vendors should replace this header file with the file containing those + * algorithms which have NIST algorithm Certificates. + */ + +/* handle special cases. Classes require existing code to already be + * in place for that class */ +typedef enum { + SFTKFIPSNone = 0, + SFTKFIPSDH, /* allow only specific primes */ + SFTKFIPSECC, /* not just keys but specific curves */ + SFTKFIPSAEAD, /* single shot AEAD functions not allowed in FIPS mode */ + SFTKFIPSRSAPSS, /* make sure salt isn't too big */ + SFTKFIPSPBKDF2, /* handle pbkdf2 FIPS restrictions */ + SFTKFIPSTlsKeyCheck, /* check the output of TLS prf functions */ + SFTKFIPSChkHash, /* make sure the base hash of KDF functions is FIPS */ + SFTKFIPSChkHashTls, /* make sure the base hash of TLS KDF functions is FIPS */ + SFTKFIPSChkHashSp800, /* make sure the base hash of SP-800-108 KDF functions is FIPS */ +} SFTKFIPSSpecialClass; + +/* set according to your security policy */ +#define SFTKFIPS_PBKDF2_MIN_PW_LEN 8 + +typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList; +struct SFTKFIPSAlgorithmListStr { + CK_MECHANISM_TYPE type; + CK_MECHANISM_INFO info; + CK_ULONG step; + SFTKFIPSSpecialClass special; + size_t offset; +}; + +SFTKFIPSAlgorithmList sftk_fips_mechs[] = { +/* A sample set of algorithms to allow basic testing in our continous + * testing infrastructure. The vendor version should replace this with + * a version that matches their algorithm testing and security policy */ +/* NOTE, This looks a lot like the PKCS #11 mechanism list in pkcs11.c, it + * differs in the following ways: + * 1) the addition of step and class elements to help restrict + * the supported key sizes and types. + * 2) The mechanism flags are restricted to only those that map to + * fips approved operations. + * 3) All key sizes are in bits, independent of mechanism. + * 4) You can add more then one entry for the same mechanism to handle + * multiple descrete keys where the MIN/MAX/STEP semantics doesn't apply + * or where different operations have different key requirements. + * This table does not encode all the modules legal FIPS semantics, only + * those semantics that might possibly change due to algorithms dropping + * of the security policy late in the process. */ +/* handy common flag types */ +#define CKF_KPG CKF_GENERATE_KEY_PAIR +#define CKF_GEN CKF_GENERATE +#define CKF_SGN (CKF_SIGN | CKF_VERIFY) +#define CKF_ENC (CKF_ENCRYPT | CKF_DECRYPT ) +#define CKF_ECW (CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP) +#define CKF_WRP (CKF_WRAP | CKF_UNWRAP) +#define CKF_KEK (CKF_WRAP | CKF_UNWRAP) +#define CKF_KEA CKF_DERIVE +#define CKF_KDF CKF_DERIVE +#define CKF_HSH CKF_DIGEST +#define CK_MAX 0xffffffffUL +/* mechanisms using the same key types share the same key type + * limits */ +#define RSA_FB_KEY 2048, 4096 /* min, max */ +#define RSA_FB_STEP 1 +#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */ +#define RSA_LEGACY_FB_STEP 256 + +#define DSA_FB_KEY 2048, 4096 /* min, max */ +#define DSA_FB_STEP 1024 +#define DH_FB_KEY 2048, 8192 /* min, max */ +#define DH_FB_STEP 1024 +#define EC_FB_KEY 256, 521 /* min, max */ +#define EC_FB_STEP 1 /* key limits handled by special operation */ +#define AES_FB_KEY 128, 256 +#define AES_FB_STEP 64 + { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone }, + + /* -------------- RSA Multipart Signing Operations -------------------- */ + { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA384_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA512_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, + { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, + { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, + { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, + { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA224_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + /* -------------------- Diffie Hellman Operations --------------------- */ + { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_FB_KEY, CKF_KPG }, DH_FB_STEP, SFTKFIPSDH }, + { CKM_DH_PKCS_DERIVE, { DH_FB_KEY, CKF_KEA }, DH_FB_STEP, SFTKFIPSDH }, + /* -------------------- Elliptic Curve Operations --------------------- */ + { CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDH1_COFACTOR_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA512, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + /* ------------------------- RC2 Operations --------------------------- */ + /* ------------------------- AES Operations --------------------------- */ + { CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CTS, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CTR, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_GCM, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSAEAD }, + { CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone }, + /* ------------------------- Hashing Operations ----------------------- */ + { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, + { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA224_HMAC_GENERAL, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA256, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, + { CKM_SHA256_HMAC, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA256_HMAC_GENERAL, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA384, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, + { CKM_SHA384_HMAC, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA384_HMAC_GENERAL, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA512, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, + { CKM_SHA512_HMAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA512_HMAC_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, + /* --------------------- Secret Key Operations ------------------------ */ + { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, + /* ---------------------- SSL/TLS operations ------------------------- */ + { CKM_SSL3_PRE_MASTER_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSTlsKeyCheck, offsetof(CK_TLS12_KEY_MAT_PARAMS, prfHashMechanism) }, + { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSChkHashTls, + offsetof(CK_TLS_MAC_PARAMS, prfHashMechanism) }, + { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSChkHashTls, + offsetof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS, prfHashMechanism) }, + { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSChkHashTls, + offsetof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS, prfHashMechanism) }, + + /* ------------------------- HKDF Operations -------------------------- */ + { CKM_HKDF_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash, + offsetof(CK_HKDF_PARAMS, prfHashMechanism) }, + { CKM_HKDF_DATA, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash, + offsetof(CK_HKDF_PARAMS, prfHashMechanism) }, + { CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone }, + /* ------------------ NIST 800-108 Key Derivations ------------------- */ + { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, + { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, + { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, + /* --------------------IPSEC ----------------------- */ + { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash, + offsetof(CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS, prfMechanism) }, + { CKM_NSS_IKE_PRF_DERIVE, { 112, 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash, + offsetof(CK_NSS_IKE_PRF_DERIVE_PARAMS, prfMechanism) }, + /* ------------------ PBE Key Derivations ------------------- */ + { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSPBKDF2 }, + /* the deprecated mechanisms, don't use for some reason we are supposed + * to set the FIPS indicators on these (sigh) */ + { CKM_NSS_AES_KEY_WRAP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_NSS_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, { 384, 384, CKF_DERIVE }, 1, SFTKFIPSTlsKeyCheck }, + { CKM_NSS_TLS_PRF_GENERAL_SHA256, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_NSS_HKDF_SHA1, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone }, + { CKM_NSS_HKDF_SHA256, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone }, + { CKM_NSS_HKDF_SHA384, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone }, + { CKM_NSS_HKDF_SHA512, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone }, + { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, + { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, + { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800, + offsetof(CK_SP800_108_KDF_PARAMS, prfType) }, +}; +const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs); diff --git a/SOURCES/iquote.patch b/SOURCES/iquote.patch new file mode 100644 index 0000000..6e4adcd --- /dev/null +++ b/SOURCES/iquote.patch @@ -0,0 +1,13 @@ +diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk +--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200 ++++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200 +@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME + SQLITE_LIB_NAME = sqlite3 + endif + ++# Prefer in-tree headers over system headers ++ifdef IN_TREE_FREEBL_HEADERS_FIRST ++ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss ++endif ++ + MK_LOCATION = included diff --git a/SOURCES/key4.db.xml b/SOURCES/key4.db.xml new file mode 100644 index 0000000..9b65f41 --- /dev/null +++ b/SOURCES/key4.db.xml @@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + key4.db + 5 + + + + key4.db + NSS certificate database + + + + Description + key4.db is an NSS key database. + This key database is the sqlite-based shared database format with support for concurrent access. + + + + + Files + /etc/pki/nssdb/key4.db + + + + See also + pkcs11.txt(5) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/SOURCES/nspr-4.34-fix-coverity-loop-issue.patch b/SOURCES/nspr-4.34-fix-coverity-loop-issue.patch new file mode 100644 index 0000000..c8c4149 --- /dev/null +++ b/SOURCES/nspr-4.34-fix-coverity-loop-issue.patch @@ -0,0 +1,51 @@ +diff --git a/pr/src/misc/prnetdb.c b/pr/src/misc/prnetdb.c +--- a/pr/src/misc/prnetdb.c ++++ b/pr/src/misc/prnetdb.c +@@ -2209,28 +2209,38 @@ PR_GetPrefLoopbackAddrInfo(PRNetAddr *re + PRBool result_still_empty = PR_TRUE; + PRADDRINFO *ai = res; + do { + PRNetAddr aNetAddr; + + while (ai && ai->ai_addrlen > sizeof(PRNetAddr)) + ai = ai->ai_next; + +- if (ai) { +- /* copy sockaddr to PRNetAddr */ +- memcpy(&aNetAddr, ai->ai_addr, ai->ai_addrlen); +- aNetAddr.raw.family = ai->ai_addr->sa_family; ++ if (!ai) { ++ break; ++ } ++ ++ /* copy sockaddr to PRNetAddr */ ++ memcpy(&aNetAddr, ai->ai_addr, ai->ai_addrlen); ++ aNetAddr.raw.family = ai->ai_addr->sa_family; + #ifdef _PR_INET6 +- if (AF_INET6 == aNetAddr.raw.family) +- aNetAddr.raw.family = PR_AF_INET6; ++ if (AF_INET6 == aNetAddr.raw.family) ++ aNetAddr.raw.family = PR_AF_INET6; + #endif +- if (ai->ai_addrlen < sizeof(PRNetAddr)) +- memset(((char*)result)+ai->ai_addrlen, 0, +- sizeof(PRNetAddr) - ai->ai_addrlen); ++ if (ai->ai_addrlen < sizeof(PRNetAddr)) ++ memset(((char*)&aNetAddr)+ai->ai_addrlen, 0, ++ sizeof(PRNetAddr) - ai->ai_addrlen); ++ ++ if (result->raw.family == PR_AF_INET) { ++ aNetAddr.inet.port = htons(port); + } ++ else { ++ aNetAddr.ipv6.port = htons(port); ++ } ++ + + /* If we obtain more than one result, prefer IPv6. */ + if (result_still_empty || aNetAddr.raw.family == PR_AF_INET6) { + memcpy(result, &aNetAddr, sizeof(PRNetAddr)); + } + result_still_empty = PR_FALSE; + ai = ai->ai_next; + } diff --git a/SOURCES/nspr-4.34-server-passive.patch b/SOURCES/nspr-4.34-server-passive.patch new file mode 100644 index 0000000..ed8d713 --- /dev/null +++ b/SOURCES/nspr-4.34-server-passive.patch @@ -0,0 +1,12 @@ +diff -r c75b4e36b7e8 pr/src/misc/prnetdb.c +--- a/pr/src/misc/prnetdb.c Wed May 25 23:39:48 2022 +0200 ++++ b/pr/src/misc/prnetdb.c Tue Jun 14 18:48:03 2022 -0400 +@@ -2204,6 +2204,7 @@ + + memset(&hints, 0, sizeof(hints)); + ++ hints.ai_flags = AI_PASSIVE; + rv = GETADDRINFO(NULL, tmpBuf, &hints, &res); + if (rv == 0) { + PRBool result_still_empty = PR_TRUE; + diff --git a/SOURCES/nspr-config-pc.patch b/SOURCES/nspr-config-pc.patch new file mode 100644 index 0000000..2c1fe87 --- /dev/null +++ b/SOURCES/nspr-config-pc.patch @@ -0,0 +1,37 @@ +diff -up nspr/config/nspr-config.in.flags nspr/config/nspr-config.in +--- nspr/config/nspr-config.in.flags 2013-05-29 13:46:34.147971410 -0700 ++++ nspr/config/nspr-config.in 2013-05-29 14:17:10.990838914 -0700 +@@ -102,7 +102,7 @@ if test -z "$includedir"; then + includedir=@includedir@ + fi + if test -z "$libdir"; then +- libdir=@libdir@ ++ libdir=`pkg-config --variable=libdir nspr` + fi + + if test "$echo_prefix" = "yes"; then +@@ -136,12 +136,12 @@ if test "$echo_libs" = "yes"; then + if test -n "$lib_nspr"; then + libdirs="$libdirs -lnspr${major_version}" + fi +- os_ldflags="@LDFLAGS@" ++ os_ldflags=`pkg-config --variable=ldflags nspr` + for i in $os_ldflags ; do + if echo $i | grep \^-L >/dev/null; then + libdirs="$libdirs $i" + fi + done +- echo $libdirs @OS_LIBS@ ++ echo $libdirs `pkg-config --variable=os_libs nspr` + fi + +diff -up nspr/config/nspr.pc.in.flags nspr/config/nspr.pc.in +--- nspr/config/nspr.pc.in.flags 2013-05-29 13:48:15.026643570 -0700 ++++ nspr/config/nspr.pc.in 2013-05-29 13:49:47.795202949 -0700 +@@ -6,5 +6,5 @@ includedir=@includedir@ + Name: NSPR + Description: The Netscape Portable Runtime + Version: @MOD_MAJOR_VERSION@.@MOD_MINOR_VERSION@.@MOD_PATCH_VERSION@ +-Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ ++Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ @OS_LIBS@ + Cflags: -I@includedir@ diff --git a/SOURCES/nspr-config.xml b/SOURCES/nspr-config.xml new file mode 100644 index 0000000..9e3f99c --- /dev/null +++ b/SOURCES/nspr-config.xml @@ -0,0 +1,127 @@ + + + +]> + + + + + &date; + Netscape Portable Runtime + nspr + &version; + + + + nspr-config + 1 + + + + nspr-config + Return meta information about nspr libraries + + + + + nspr-config + + + + + + + + + + + + Description + nspr-config is a shell script which can be used to obtain gcc options for building client pacakges of nspr. + + + + Options + + + + + Returns the top level system directory under which the nspr libraries are installed. + + + + + Returns the top level system directory under which any nspr binaries would be installed. + + + + count + Returns the path to the directory were the nspr headers are installed. + + + + + Returns the upstream version of nspr in the form major_version-minor_version-patch_version. + + + + + Returns the compiler linking flags. + + + + + Returns the compiler include flags. + + + + + Returns the path to the directory were the nspr libraries are installed. + + + + + + + Examples + + The following example will query for both include path and linkage flags: + + /usr/bin/nspr-config --cflags --libs + + + + + + + + Files + + /usr/bin/nspr-config + + + + + See also + pkg-config(1) + + + + Authors + The NSPR liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/SOURCES/nspr-gcc-atomics.patch b/SOURCES/nspr-gcc-atomics.patch new file mode 100644 index 0000000..20eaefa --- /dev/null +++ b/SOURCES/nspr-gcc-atomics.patch @@ -0,0 +1,51 @@ +diff -up ./pr/include/md/_linux.h.gcc-atomics ./pr/include/md/_linux.h +--- ./pr/include/md/_linux.h.gcc-atomics 2022-09-20 11:23:22.008942926 -0700 ++++ ./pr/include/md/_linux.h 2022-09-20 11:34:45.536751340 -0700 +@@ -105,6 +105,15 @@ + #endif + + #if defined(__i386__) ++#if defined(__GNUC__) ++/* Use GCC built-in functions */ ++#define _PR_HAVE_ATOMIC_OPS ++#define _MD_INIT_ATOMIC() ++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) ++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) ++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i) ++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv) ++#else + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + extern PRInt32 _PR_x86_AtomicIncrement(PRInt32 *val); +@@ -116,6 +125,7 @@ extern PRInt32 _PR_x86_AtomicAdd(PRInt32 + extern PRInt32 _PR_x86_AtomicSet(PRInt32 *val, PRInt32 newval); + #define _MD_ATOMIC_SET _PR_x86_AtomicSet + #endif ++#endif + + #if defined(__ia64__) + #define _PR_HAVE_ATOMIC_OPS +@@ -131,6 +141,15 @@ extern PRInt32 _PR_ia64_AtomicSet(PRInt3 + #endif + + #if defined(__x86_64__) ++#if defined(__GNUC__) ++/* Use GCC built-in functions */ ++#define _PR_HAVE_ATOMIC_OPS ++#define _MD_INIT_ATOMIC() ++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) ++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) ++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i) ++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv) ++#else + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + extern PRInt32 _PR_x86_64_AtomicIncrement(PRInt32 *val); +@@ -142,6 +161,7 @@ extern PRInt32 _PR_x86_64_AtomicAdd(PRIn + extern PRInt32 _PR_x86_64_AtomicSet(PRInt32 *val, PRInt32 newval); + #define _MD_ATOMIC_SET _PR_x86_64_AtomicSet + #endif ++#endif + + #if defined(__loongarch__) + #if defined(__GNUC__) diff --git a/SOURCES/nss-3.101-add-certificate-compression-test.patch b/SOURCES/nss-3.101-add-certificate-compression-test.patch new file mode 100644 index 0000000..b2f073d --- /dev/null +++ b/SOURCES/nss-3.101-add-certificate-compression-test.patch @@ -0,0 +1,1383 @@ +diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c +--- a/cmd/lib/secutil.c ++++ b/cmd/lib/secutil.c +@@ -4487,16 +4487,114 @@ done: + return SECFailure; + } + + *enabledExporterCount = count; + *enabledExporters = exporters; + return SECSuccess; + } + ++typedef SECStatus (*secuEncodeFunc) (const SECItem *, SECItem *); ++typedef SECStatus (*secuDecodeFunc) (const SECItem *, unsigned char *, size_t, size_t *); ++#define EXT_COMP_MAX_ARGS 5 ++#define EXT_COMP_MIN_ARGS 4 ++#define EXT_COMP_ID 0 ++#define EXT_COMP_NAME 1 ++#define EXT_COMP_LIB 2 ++#define EXT_COMP_ENCODE 3 ++#define EXT_COMP_DECODE 4 ++SECStatus ++parseExternalCompessionString(secuExternalCompressionEntry *entry, ++ const char *opt) ++{ ++ SSLCertificateCompressionAlgorithm *alg = &entry->compAlg; ++ char *str = PORT_Strdup(opt); ++ char *save_ptr; ++ char *p; ++ char *args[EXT_COMP_MAX_ARGS] = { NULL }; ++ int i, arg_count=0; ++ PRLibSpec libSpec; ++ SECStatus rv = SECFailure; ++ ++ PORT_Memset(entry, 0, sizeof(secuExternalCompressionEntry)); ++ ++ if (!str) { ++ goto done; ++ } ++ ++ for (p = strtok_r(str, ",", &save_ptr), i=0; p && (i < EXT_COMP_MAX_ARGS) ; ++ i++, p = strtok_r(NULL, ",", &save_ptr)) { ++ args[i] = PORT_Strdup(p); ++ } ++ ++ arg_count = i; ++ if (arg_count < EXT_COMP_MIN_ARGS) { ++ goto done; ++ } ++ libSpec.type = PR_LibSpec_Pathname; ++ libSpec.value.pathname = args[EXT_COMP_LIB]; ++ entry->lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW|PR_LD_LOCAL); ++ if (entry->lib == NULL) { ++ goto done; ++ } ++ alg->id = atoi(args[EXT_COMP_ID]); ++ if (alg->id == 0) { ++ goto done; ++ } ++ alg->name = args[EXT_COMP_NAME]; ++ args[EXT_COMP_NAME] = NULL; ++ if (args[EXT_COMP_ENCODE] && *args[EXT_COMP_ENCODE]) { ++ alg->encode = (secuEncodeFunc) PR_FindFunctionSymbol(entry->lib, args[EXT_COMP_ENCODE]); ++ if (alg->encode == NULL) { ++ goto done; ++ } ++ } ++ if (args[EXT_COMP_DECODE] && *args[EXT_COMP_DECODE]) { ++ alg->decode = (secuDecodeFunc) PR_FindFunctionSymbol(entry->lib, args[EXT_COMP_DECODE]); ++ if (alg->decode == NULL) { ++ goto done; ++ } ++ } ++ /* make sure at least one of these has been set */ ++ if ((alg->encode == NULL) && (alg->decode == NULL)) { ++ goto done; ++ } ++ rv = SECSuccess; ++ ++done: ++ for (i=0; i < arg_count; i ++) { ++ if (args[i]) { ++ PORT_Free(args[i]); ++ } ++ } ++ if (str) { ++ PORT_Free(str); ++ } ++ ++ if (rv != SECSuccess) { ++ secuFreeExternalCompressionEntry(entry); ++ } ++ return rv; ++} ++ ++void ++secuFreeExternalCompressionEntry(secuExternalCompressionEntry *entry) ++{ ++ SSLCertificateCompressionAlgorithm *alg = &entry->compAlg; ++ if (entry->lib) { ++ PR_UnloadLibrary(entry->lib); ++ entry->lib = NULL; ++ } ++ if (alg->name) { ++ PORT_Free((char *)alg->name); ++ alg->name = NULL; ++ } ++} ++ ++ + static SECStatus + exportKeyingMaterial(PRFileDesc *fd, const secuExporter *exporter) + { + SECStatus rv = SECSuccess; + unsigned char *out = PORT_Alloc(exporter->outputLength); + + if (!out) { + fprintf(stderr, "Unable to allocate buffer for keying material\n"); +diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h +--- a/cmd/lib/secutil.h ++++ b/cmd/lib/secutil.h +@@ -435,16 +435,27 @@ typedef struct { + SECStatus parseExporters(const char *arg, + const secuExporter **enabledExporters, + unsigned int *enabledExporterCount); + + SECStatus exportKeyingMaterials(PRFileDesc *fd, + const secuExporter *exporters, + unsigned int exporterCount); + ++typedef struct { ++ PRLibrary *lib; ++ SSLCertificateCompressionAlgorithm compAlg; ++} secuExternalCompressionEntry; ++ ++SECStatus ++parseExternalCompessionString(secuExternalCompressionEntry *, const char *opt); ++ ++void ++secuFreeExternalCompressionEntry(secuExternalCompressionEntry *); ++ + SECStatus readPSK(const char *arg, SECItem *psk, SECItem *label); + + /* + * + * Error messaging + * + */ + +diff --git a/cmd/selfserv/Makefile b/cmd/selfserv/Makefile +--- a/cmd/selfserv/Makefile ++++ b/cmd/selfserv/Makefile +@@ -1,10 +1,10 @@ + #! gmake +-# ++# + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + ####################################################################### + # (1) Include initial platform-independent assignments (MANDATORY). # + ####################################################################### + +@@ -18,29 +18,27 @@ include $(CORE_DEPTH)/coreconf/config.mk + + ####################################################################### + # (3) Include "component" configuration information. (OPTIONAL) # + ####################################################################### + + ####################################################################### + # (4) Include "local" platform-dependent assignments (OPTIONAL). # + ####################################################################### ++ + include ../platlibs.mk ++include $(CORE_DEPTH)/coreconf/zlib.mk + + ####################################################################### + # (5) Execute "global" rules. (OPTIONAL) # + ####################################################################### + + include $(CORE_DEPTH)/coreconf/rules.mk + + ####################################################################### + # (6) Execute "component" rules. (OPTIONAL) # + ####################################################################### + +- +- + ####################################################################### + # (7) Execute "local" rules. (OPTIONAL). # + ####################################################################### + +- + include ../platrules.mk +- +diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c +--- a/cmd/selfserv/selfserv.c ++++ b/cmd/selfserv/selfserv.c +@@ -38,16 +38,17 @@ + #include "nss.h" + #include "ssl.h" + #include "sslproto.h" + #include "sslexp.h" + #include "cert.h" + #include "certt.h" + #include "ocsp.h" + #include "nssb64.h" ++#include "zlib.h" + + #ifndef PORT_Strstr + #define PORT_Strstr strstr + #endif + + #ifndef PORT_Malloc + #define PORT_Malloc PR_Malloc + #endif +@@ -56,16 +57,17 @@ int NumSidCacheEntries = 1024; + + static int handle_connection(PRFileDesc *, PRFileDesc *); + + static const char envVarName[] = { SSL_ENV_VAR_NAME }; + static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" }; + + #define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10 + #define MAX_CERT_NICKNAME_ARRAY_INDEX 10 ++#define MAX_EXTERNAL_COMPRESSERS_INDEX 10 + + #define DEFAULT_BULK_TEST 16384 + #define MAX_BULK_TEST 1048576 /* 1 MB */ + static PRBool testBulk; + static PRUint32 testBulkSize = DEFAULT_BULK_TEST; + static PRInt32 testBulkTotal; + static char *testBulkBuf; + static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER; +@@ -162,17 +164,18 @@ PrintUsageHeader(const char *progName) + fprintf(stderr, + "Usage: %s -n rsa_nickname -p port [-BDENRZbjlmrsuvx] [-w password]\n" + " [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n" + " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" + " [-V [min-version]:[max-version]] [-a sni_name]\n" + " [ T ] [-A ca]\n" + " [-C SSLCacheEntries] [-S dsa_nickname] [-Q]\n" + " [-I groups] [-J signatureschemes] [-e ec_nickname]\n" +- " -U [0|1] -H [0|1|2] -W [0|1] [-z externalPsk]\n" ++ " -U [0|1] -H [0|1|2] -W [0|1] [-z externalPsk] -q\n" ++ " [-K compression_spec]\n" + "\n", + progName); + } + + static void + PrintParameterUsage() + { + fputs( +@@ -248,17 +251,28 @@ PrintParameterUsage() + " 0xAAAABBBBCCCCDDDD:mylabel. Otherwise, the default label of\n" + " 'Client_identity' will be used.\n" + "-X Configure the server for ECH via the given . ECHParams\n" + " are expected in one of two formats:\n" + " 1. A string containing the ECH public name prefixed by the substring\n" + " \"publicname:\". For example, \"publicname:example.com\". In this mode,\n" + " an ephemeral ECH keypair is generated and ECHConfigs are printed to stdout.\n" + " 2. As a Base64 tuple of || . In this mode, the\n" +- " raw private key is used to bootstrap the HPKE context.\n", ++ " raw private key is used to bootstrap the HPKE context.\n" ++ "-q Enable zlib certificate compression\n" ++ "-K compression_spec Enable certificate compression with an external\n" ++ " compresser. The compression_spec value has the following format:\n" ++ " id,name,dll,encode,decode\n" ++ " where:\n" ++ " id is an int matching the ssl spec for the compresser.\n" ++ " name is a friendly name for the compresser.\n" ++ " dll is the path to the implementation for the compresser.\n" ++ " encode is the name of the encode function which will compress.\n" ++ " decode is the name of the decode function which will decompress.\n", ++ + stderr); + } + + static void + Usage(const char *progName) + { + PrintUsageHeader(progName); + PrintParameterUsage(); +@@ -816,16 +830,17 @@ logger(void *arg) + + PRBool useModelSocket = PR_FALSE; + static SSLVersionRange enabledVersions; + PRBool disableRollBack = PR_FALSE; + PRBool NoReuse = PR_FALSE; + PRBool hasSidCache = PR_FALSE; + PRBool disableLocking = PR_FALSE; + PRBool enableSessionTickets = PR_FALSE; ++PRBool enableZlibCertificateCompression = PR_FALSE; + PRBool failedToNegotiateName = PR_FALSE; + PRBool enableExtendedMasterSecret = PR_FALSE; + PRBool zeroRTT = PR_FALSE; + SSLAntiReplayContext *antiReplay = NULL; + PRBool enableALPN = PR_FALSE; + PRBool enablePostHandshakeAuth = PR_FALSE; + SSLNamedGroup *enabledGroups = NULL; + unsigned int enabledGroupsCount = 0; +@@ -835,16 +850,19 @@ const secuExporter *enabledExporters = N + unsigned int enabledExporterCount = 0; + + static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX]; + static int virtServerNameIndex = 1; + + static char *certNicknameArray[MAX_CERT_NICKNAME_ARRAY_INDEX]; + static int certNicknameIndex = 0; + ++static secuExternalCompressionEntry externalCompressionValues[MAX_EXTERNAL_COMPRESSERS_INDEX]; ++static int externalCompressionCount = 0; ++ + static const char stopCmd[] = { "GET /stop " }; + static const char getCmd[] = { "GET " }; + static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; + static const char outHeader[] = { + "HTTP/1.0 200 OK\r\n" + "Server: Generic Web Server\r\n" + "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n" + "Content-type: text/plain\r\n" +@@ -2062,16 +2080,92 @@ configureEch(PRFileDesc *model_sock) + { + if (!PORT_Strncmp(echParamsStr, "publicname:", PORT_Strlen("publicname:"))) { + return configureEchWithPublicName(model_sock, + &echParamsStr[PORT_Strlen("publicname:")]); + } + return configureEchWithData(model_sock); + } + ++SECStatus zlibCertificateDecode(const SECItem* input, unsigned char* output, ++ size_t outputLen, size_t* usedLen) ++{ ++ SECStatus rv = SECFailure; ++ if (!input || !input->data || input->len == 0 || !output || outputLen == 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return rv; ++ } ++ ++ z_stream strm = {}; ++ ++ if (inflateInit(&strm) != Z_OK) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return rv; ++ } ++ ++ strm.avail_in = input->len; ++ strm.next_in = input->data; ++ ++ strm.avail_out = outputLen; ++ strm.next_out = output; ++ ++ int ret = inflate(&strm, Z_FINISH); ++ if (ret != Z_STREAM_END || strm.avail_in == 0 || strm.avail_out == 0) { ++ PORT_SetError(SEC_ERROR_BAD_DATA); ++ return rv; ++ } ++ ++ *usedLen = strm.total_out; ++ rv = SECSuccess; ++ return rv; ++} ++ ++SECStatus zlibCertificateEncode(const SECItem* input, SECItem *output) ++{ ++ SECStatus rv = SECFailure; ++ if (!input || !input->data || input->len == 0 || !output || ++ !output->data || output->len == 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return rv; ++ } ++ ++ z_stream strm = {}; ++ ++ if (deflateInit(&strm, 9) != Z_OK) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return rv; ++ } ++ ++ strm.avail_in = input->len; ++ strm.next_in = input->data; ++ ++ strm.avail_out = output->len; ++ strm.next_out = output->data; ++ ++ int ret = deflate(&strm, Z_FINISH); ++ if (ret != Z_STREAM_END || strm.avail_in == 0 || strm.avail_out == 0) { ++ PORT_SetError(SEC_ERROR_BAD_DATA); ++ return rv; ++ } ++ ++ output->len = strm.total_out; ++ rv = SECSuccess; ++ return rv; ++} ++ ++static SECStatus ++configureZlibCompression(PRFileDesc *model_sock) ++{ ++ SSLCertificateCompressionAlgorithm zlibAlg = {1, "zlib", ++ zlibCertificateEncode, ++ zlibCertificateDecode}; ++ ++ return SSL_SetCertificateCompressionAlgorithm(model_sock, zlibAlg); ++} ++ + void + server_main( + PRFileDesc *listen_sock, + SECKEYPrivateKey **privKey, + CERTCertificate **cert, + const char *expectedHostNameVal) + { + int i; +@@ -2118,16 +2212,32 @@ server_main( + } + if (enableSessionTickets) { + rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); + if (rv != SECSuccess) { + errExit("error enabling Session Ticket extension "); + } + } + ++ if (enableZlibCertificateCompression) { ++ rv = configureZlibCompression(model_sock); ++ if (rv != SECSuccess) { ++ errExit("error enabling Zlib Certificate Compression"); ++ } ++ } ++ ++ for (i=0; i < externalCompressionCount; i++) { ++ secuExternalCompressionEntry *e = &externalCompressionValues[i]; ++ SSLCertificateCompressionAlgorithm alg = e->compAlg; ++ rv = SSL_SetCertificateCompressionAlgorithm(model_sock, alg); ++ if (rv != SECSuccess) { ++ errExit("error enabling External Certificate Compression"); ++ } ++ } ++ + if (virtServerNameIndex > 1) { + rv = SSL_SNISocketConfigHook(model_sock, mySSLSNISocketConfig, + (void *)&virtServerNameArray); + if (rv != SECSuccess) { + errExit("error enabling SNI extension "); + } + } + +@@ -2528,17 +2638,17 @@ main(int argc, char **argv) + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); + + /* please keep this list of options in ASCII collating sequence. + ** numbers, then capital letters, then lower case, alphabetical. + ** XXX: 'B', and 'q' were used in the past but removed + ** in 3.28, please leave some time before resuing those. */ + optstate = PL_CreateOptState(argc, argv, +- "2:A:C:DEGH:I:J:L:M:NP:QRS:T:U:V:W:X:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:x:yz:"); ++ "2:A:C:DEGH:I:J:K:L:M:NP:QRS:T:U:V:W:X:YZa:bc:d:e:f:g:hi:jk:lmn:op:rqst:uvw:x:yz:"); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + ++optionsFound; + switch (optstate->option) { + case '2': + fileName = optstate->value; + break; + + case 'A': +@@ -2553,22 +2663,56 @@ main(int argc, char **argv) + case 'D': + noDelay = PR_TRUE; + break; + + case 'E': + enablePostHandshakeAuth = PR_TRUE; + break; + ++ case 'G': ++ enableExtendedMasterSecret = PR_TRUE; ++ break; ++ + case 'H': + configureDHE = (PORT_Atoi(optstate->value) != 0); + break; + +- case 'G': +- enableExtendedMasterSecret = PR_TRUE; ++ case 'I': ++ rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount); ++ if (rv != SECSuccess) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "Bad group specified.\n"); ++ fprintf(stderr, "Run '%s -h' for usage information.\n", progName); ++ exit(5); ++ } ++ break; ++ ++ case 'J': ++ rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount); ++ if (rv != SECSuccess) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "Bad signature scheme specified.\n"); ++ fprintf(stderr, "Run '%s -h' for usage information.\n", progName); ++ exit(5); ++ } ++ break; ++ ++ case 'K': ++ if (externalCompressionCount >= MAX_EXTERNAL_COMPRESSERS_INDEX) { ++ Usage(progName); ++ break; ++ } ++ rv = parseExternalCompessionString(&externalCompressionValues ++ [externalCompressionCount++], ++ optstate->value); ++ if (rv != SECSuccess) { ++ Usage(progName); ++ break; ++ } + break; + + case 'L': + logStats = PR_TRUE; + if (optstate->value == NULL) { + logPeriod = 30; + } else { + logPeriod = PORT_Atoi(optstate->value); +@@ -2584,16 +2728,24 @@ main(int argc, char **argv) + if (maxProcs > MAX_PROCS) + maxProcs = MAX_PROCS; + break; + + case 'N': + NoReuse = PR_TRUE; + break; + ++ case 'P': ++ certPrefix = PORT_Strdup(optstate->value); ++ break; ++ ++ case 'Q': ++ enableALPN = PR_TRUE; ++ break; ++ + case 'R': + disableRollBack = PR_TRUE; + break; + + case 'S': + if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) { + Usage(progName); + break; +@@ -2622,21 +2774,34 @@ main(int argc, char **argv) + exit(1); + } + break; + + case 'W': + configureWeakDHE = (PORT_Atoi(optstate->value) != 0); + break; + ++ case 'X': ++ echParamsStr = PORT_Strdup(optstate->value); ++ if (echParamsStr == NULL) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "echParamsStr copy failed.\n"); ++ exit(5); ++ } ++ break; ++ + case 'Y': + PrintCipherUsage(progName); + exit(0); + break; + ++ case 'Z': ++ zeroRTT = PR_TRUE; ++ break; ++ + case 'a': + if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) { + Usage(progName); + break; + } + virtServerNameArray[virtServerNameIndex++] = + PORT_Strdup(optstate->value); + break; +@@ -2701,28 +2866,28 @@ main(int argc, char **argv) + if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) { + Usage(progName); + break; + } + certNicknameArray[certNicknameIndex++] = PORT_Strdup(optstate->value); + virtServerNameArray[0] = PORT_Strdup(optstate->value); + break; + +- case 'P': +- certPrefix = PORT_Strdup(optstate->value); +- break; +- + case 'o': + MakeCertOK = 1; + break; + + case 'p': + port = PORT_Atoi(optstate->value); + break; + ++ case 'q': ++ enableZlibCertificateCompression = PR_TRUE; ++ break; ++ + case 'r': + ++requestCert; + break; + + case 's': + disableLocking = PR_TRUE; + break; + +@@ -2746,73 +2911,37 @@ main(int argc, char **argv) + pwdata.source = PW_PLAINTEXT; + pwdata.data = passwd = PORT_Strdup(optstate->value); + break; + + case 'y': + debugCache = PR_TRUE; + break; + +- case 'Z': +- zeroRTT = PR_TRUE; ++ case 'x': ++ rv = parseExporters(optstate->value, ++ &enabledExporters, &enabledExporterCount); ++ if (rv != SECSuccess) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "Bad exporter specified.\n"); ++ fprintf(stderr, "Run '%s -h' for usage information.\n", progName); ++ exit(5); ++ } + break; + + case 'z': + rv = readPSK(optstate->value, &psk, &pskLabel); + if (rv != SECSuccess) { + PL_DestroyOptState(optstate); + fprintf(stderr, "Bad PSK specified.\n"); + Usage(progName); + exit(1); + } + break; + +- case 'Q': +- enableALPN = PR_TRUE; +- break; +- +- case 'I': +- rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount); +- if (rv != SECSuccess) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "Bad group specified.\n"); +- fprintf(stderr, "Run '%s -h' for usage information.\n", progName); +- exit(5); +- } +- break; +- +- case 'J': +- rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount); +- if (rv != SECSuccess) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "Bad signature scheme specified.\n"); +- fprintf(stderr, "Run '%s -h' for usage information.\n", progName); +- exit(5); +- } +- break; +- +- case 'x': +- rv = parseExporters(optstate->value, +- &enabledExporters, &enabledExporterCount); +- if (rv != SECSuccess) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "Bad exporter specified.\n"); +- fprintf(stderr, "Run '%s -h' for usage information.\n", progName); +- exit(5); +- } +- break; +- +- case 'X': +- echParamsStr = PORT_Strdup(optstate->value); +- if (echParamsStr == NULL) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "echParamsStr copy failed.\n"); +- exit(5); +- } +- break; + default: + case '?': + fprintf(stderr, "Unrecognized or bad option specified: %c\n", optstate->option); + fprintf(stderr, "Run '%s -h' for usage information.\n", progName); + exit(4); + break; + } + } +@@ -3126,16 +3255,21 @@ cleanup: + PORT_Free(enabledGroups); + } + if (antiReplay) { + SSL_ReleaseAntiReplayContext(antiReplay); + } + SECITEM_ZfreeItem(&psk, PR_FALSE); + SECITEM_ZfreeItem(&pskLabel, PR_FALSE); + PORT_Free(echParamsStr); ++ ++ for (i=0; i < externalCompressionCount; i++) { ++ secuFreeExternalCompressionEntry(&externalCompressionValues[i]); ++ } ++ + if (NSS_Shutdown() != SECSuccess) { + SECU_PrintError(progName, "NSS_Shutdown"); + if (loggerThread) { + PR_JoinThread(loggerThread); + } + PR_Cleanup(); + exit(1); + } +diff --git a/cmd/selfserv/selfserv.gyp b/cmd/selfserv/selfserv.gyp +--- a/cmd/selfserv/selfserv.gyp ++++ b/cmd/selfserv/selfserv.gyp +@@ -11,20 +11,21 @@ + 'target_name': 'selfserv', + 'type': 'executable', + 'sources': [ + 'selfserv.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:dbm_exports', + '<(DEPTH)/exports.gyp:nss_exports' ++ '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib' + ] + } + ], + 'target_defaults': { + 'defines': [ + 'NSPR20' + ] + }, + 'variables': { + 'module': 'nss' + } +-} +\ No newline at end of file ++} +diff --git a/cmd/tstclnt/Makefile b/cmd/tstclnt/Makefile +--- a/cmd/tstclnt/Makefile ++++ b/cmd/tstclnt/Makefile +@@ -20,16 +20,17 @@ include $(CORE_DEPTH)/coreconf/config.mk + # (3) Include "component" configuration information. (OPTIONAL) # + ####################################################################### + + ####################################################################### + # (4) Include "local" platform-dependent assignments (OPTIONAL). # + ####################################################################### + + include ../platlibs.mk ++include $(CORE_DEPTH)/coreconf/zlib.mk + + ####################################################################### + # (5) Execute "global" rules. (OPTIONAL) # + ####################################################################### + + include $(CORE_DEPTH)/coreconf/rules.mk + + ####################################################################### +diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c +--- a/cmd/tstclnt/tstclnt.c ++++ b/cmd/tstclnt/tstclnt.c +@@ -18,16 +18,17 @@ + #endif + + #include + #include + #include + #include + #include + #include ++#include + + #include "nspr.h" + #include "prio.h" + #include "prnetdb.h" + #include "nss.h" + #include "nssb64.h" + #include "ocsp.h" + #include "ssl.h" +@@ -48,16 +49,17 @@ + printf + #define FPRINTF \ + if (verbose) \ + fprintf + + #define MAX_WAIT_FOR_SERVER 600 + #define WAIT_INTERVAL 100 + #define ZERO_RTT_MAX (2 << 16) ++#define MAX_EXTERNAL_COMPRESSERS_INDEX 10 + + #define EXIT_CODE_HANDSHAKE_FAILED 254 + + #define EXIT_CODE_SIDECHANNELTEST_GOOD 0 + #define EXIT_CODE_SIDECHANNELTEST_BADCERT 1 + #define EXIT_CODE_SIDECHANNELTEST_NODATA 2 + #define EXIT_CODE_SIDECHANNELTEST_REVOKED 3 + +@@ -228,17 +230,17 @@ PrintUsageHeader() + "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n" + " [-D | -d certdir] [-C] [-b | -R root-module] \n" + " [-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z] [-E]\n" + " [-V [min-version]:[max-version]] [-K] [-T] [-U]\n" + " [-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n" + " [-I groups] [-J signatureschemes]\n" + " [-A requestfile] [-L totalconnections] [-P {client,server}]\n" + " [-N echConfigs] [-Q] [-z externalPsk]\n" +- " [-i echGreaseSize]\n" ++ " [-i echGreaseSize] [-j] [-k {compression_spec}]\n" + "\n", + progName); + } + + static void + PrintParameterUsage() + { + fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n" +@@ -332,16 +334,27 @@ PrintParameterUsage() + "-x", "", "", "", "", ""); + fprintf(stderr, + "%-20s Configure a TLS 1.3 External PSK with the given hex string for a key\n" + "%-20s To specify a label, use ':' as a delimiter. For example\n" + "%-20s 0xAAAABBBBCCCCDDDD:mylabel. Otherwise, the default label of\n" + "%-20s 'Client_identity' will be used.\n", + "-z externalPsk", "", "", ""); + fprintf(stderr, "%-20s Enable middlebox compatibility mode (TLS 1.3 only)\n", "-e"); ++ fprintf(stderr, "%-20s Enable zlib certificate compression\n", "-j"); ++ fprintf(stderr, "%-20s Enable certificate compression with an external\n", "-k {compression_spec}"); ++ fprintf(stderr, "%-20s compresser. The compression_spec value has the following format:\n" ++ "%-20s id,name,dll,encode,decode\n" ++ "%-20s where:\n" ++ "%-20s %-10s is an int matching the ssl spec for the compresser.\n" ++ "%-20s %-10s is a friendly name for the compresser.\n" ++ "%-20s %-10s is the path to the implementation for the compresser.\n" ++ "%-20s %-10s is the name of the encode function which will compress.\n" ++ "%-20s %-10s is the name of the decode function which will decompress.\n", "", "", "", "", "id", "", "name", "", "dll", "", "encode", "", "decode"); ++ + } + + static void + Usage() + { + PrintUsageHeader(); + PrintParameterUsage(); + exit(1); +@@ -1037,16 +1050,17 @@ restartHandshakeAfterServerCertIfNeeded( + + char *host = NULL; + char *nickname = NULL; + char *cipherString = NULL; + int multiplier = 0; + SSLVersionRange enabledVersions; + int disableLocking = 0; + int enableSessionTickets = 0; ++int enableZlibCertificateCompression = 0; + int enableFalseStart = 0; + int enableCertStatus = 0; + int enableSignedCertTimestamps = 0; + int forceFallbackSCSV = 0; + int enableExtendedMasterSecret = 0; + PRBool requireDHNamedGroups = 0; + PRBool middleboxCompatMode = 0; + PRSocketOptionData opt; +@@ -1073,16 +1087,19 @@ PRBool requestToExit = PR_FALSE; + char *versionString = NULL; + PRBool handshakeComplete = PR_FALSE; + char *echConfigs = NULL; + PRUint16 echGreaseSize = 0; + PRBool enablePostHandshakeAuth = PR_FALSE; + PRBool enableDelegatedCredentials = PR_FALSE; + const secuExporter *enabledExporters = NULL; + unsigned int enabledExporterCount = 0; ++secuExternalCompressionEntry externalCompressionValues[MAX_EXTERNAL_COMPRESSERS_INDEX]; ++int externalCompressionCount = 0; ++ + + static int + writeBytesToServer(PRFileDesc *s, const PRUint8 *buf, int nb) + { + SECStatus rv; + const PRUint8 *bufp = buf; + PRPollDesc pollDesc; + +@@ -1355,21 +1372,98 @@ printEchRetryConfigs(PRFileDesc *s) + } + fprintf(stderr, "Received ECH retry_configs: \n%s\n", retriesBase64); + PORT_Free(retriesBase64); + SECITEM_FreeItem(&retries, PR_FALSE); + } + return SECSuccess; + } + ++SECStatus zlibCertificateDecode(const SECItem* input, unsigned char* output, ++ size_t outputLen, size_t* usedLen) ++{ ++ SECStatus rv = SECFailure; ++ if (!input || !input->data || input->len == 0 || !output || outputLen == 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return rv; ++ } ++ ++ z_stream strm = {}; ++ ++ if (inflateInit(&strm) != Z_OK) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return rv; ++ } ++ ++ strm.avail_in = input->len; ++ strm.next_in = input->data; ++ ++ strm.avail_out = outputLen; ++ strm.next_out = output; ++ ++ int ret = inflate(&strm, Z_FINISH); ++ if (ret != Z_STREAM_END || strm.avail_in == 0 || strm.avail_out == 0) { ++ PORT_SetError(SEC_ERROR_BAD_DATA); ++ return rv; ++ } ++ ++ *usedLen = strm.total_out; ++ rv = SECSuccess; ++ return rv; ++} ++ ++SECStatus zlibCertificateEncode(const SECItem* input, SECItem *output) ++{ ++ SECStatus rv = SECFailure; ++ if (!input || !input->data || input->len == 0 || !output || ++ !output->data || output->len == 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return rv; ++ } ++ ++ z_stream strm = {}; ++ ++ if (deflateInit(&strm, 9) != Z_OK) { ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return rv; ++ } ++ ++ strm.avail_in = input->len; ++ strm.next_in = input->data; ++ ++ strm.avail_out = output->len; ++ strm.next_out = output->data; ++ ++ int ret = deflate(&strm, Z_FINISH); ++ if (ret != Z_STREAM_END || strm.avail_in == 0 || strm.avail_out == 0) { ++ PORT_SetError(SEC_ERROR_BAD_DATA); ++ return rv; ++ } ++ ++ output->len = strm.total_out; ++ rv = SECSuccess; ++ return rv; ++} ++ ++static SECStatus ++configureZlibCompression(PRFileDesc *model_sock) ++{ ++ SSLCertificateCompressionAlgorithm zlibAlg = {1, "zlib", ++ zlibCertificateEncode, ++ zlibCertificateDecode}; ++ ++ return SSL_SetCertificateCompressionAlgorithm(model_sock, zlibAlg); ++} ++ + static int + run() + { + int headerSeparatorPtrnId = 0; + int error = 0; ++ int i; + SECStatus rv; + PRStatus status; + PRInt32 filesReady; + PRFileDesc *s = NULL; + PRFileDesc *std_out; + PRPollDesc pollset[2] = { { 0 }, { 0 } }; + PRBool wrStarted = PR_FALSE; + +@@ -1511,16 +1605,36 @@ run() + rv = SSL_OptionSet(s, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); + if (rv != SECSuccess) { + SECU_PrintError(progName, "error forcing fallback scsv"); + error = 1; + goto done; + } + } + ++ if (enableZlibCertificateCompression) { ++ rv = configureZlibCompression(s); ++ if (rv != SECSuccess) { ++ SECU_PrintError(progName, "error enabling Zlib Certificate Compression"); ++ error=1; ++ goto done; ++ } ++ } ++ ++ for (i=0; i < externalCompressionCount; i++) { ++ secuExternalCompressionEntry *e = &externalCompressionValues[i]; ++ SSLCertificateCompressionAlgorithm alg = e->compAlg; ++ rv = SSL_SetCertificateCompressionAlgorithm(s, alg); ++ if (rv != SECSuccess) { ++ SECU_PrintError(progName, "error enabling External Certificate Compression"); ++ error=1; ++ goto done; ++ } ++ } ++ + /* enable cert status (OCSP stapling). */ + rv = SSL_OptionSet(s, SSL_ENABLE_OCSP_STAPLING, enableCertStatus); + if (rv != SECSuccess) { + SECU_PrintError(progName, "error enabling cert status (OCSP stapling)"); + error = 1; + goto done; + } + +@@ -1895,16 +2009,17 @@ main(int argc, char **argv) + char *tmp; + SECStatus rv; + char *certDir = NULL; + PRBool openDB = PR_TRUE; + PRBool loadDefaultRootCAs = PR_FALSE; + char *rootModule = NULL; + int numConnections = 1; + PRFileDesc *s = NULL; ++ int i; + + serverCertAuth.shouldPause = PR_TRUE; + serverCertAuth.isPaused = PR_FALSE; + serverCertAuth.dbHandle = NULL; + serverCertAuth.testFreshStatusFromSideChannel = PR_FALSE; + serverCertAuth.sideChannelRevocationTestResultCode = EXIT_CODE_HANDSHAKE_FAILED; + serverCertAuth.requireDataForIntermediates = PR_FALSE; + serverCertAuth.allowOCSPSideChannelData = PR_TRUE; +@@ -1919,29 +2034,30 @@ main(int argc, char **argv) + if (tmp && tmp[0]) { + int sec = PORT_Atoi(tmp); + if (sec > 0) { + maxInterval = PR_SecondsToInterval(sec); + } + } + + optstate = PL_CreateOptState(argc, argv, +- "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:i:m:n:op:qr:st:uvw:x:z:"); ++ "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:i:jk:m:n:op:qr:st:uvw:x:z:"); + while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch (optstate->option) { + case '?': + default: + Usage(); + break; + + case '4': + allowIPv6 = PR_FALSE; + if (!allowIPv4) + Usage(); + break; ++ + case '6': + allowIPv4 = PR_FALSE; + if (!allowIPv6) + Usage(); + break; + + case 'A': + requestFile = PORT_Strdup(optstate->value); +@@ -1974,19 +2090,32 @@ main(int argc, char **argv) + case 'G': + enableExtendedMasterSecret = PR_TRUE; + break; + + case 'H': + requireDHNamedGroups = PR_TRUE; + break; + +- case 'O': +- clientCertAsyncSelect = PR_FALSE; +- serverCertAuth.shouldPause = PR_FALSE; ++ case 'I': ++ rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount); ++ if (rv != SECSuccess) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "Bad group specified.\n"); ++ Usage(); ++ } ++ break; ++ ++ case 'J': ++ rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount); ++ if (rv != SECSuccess) { ++ PL_DestroyOptState(optstate); ++ fprintf(stderr, "Bad signature scheme specified.\n"); ++ Usage(); ++ } + break; + + case 'K': + forceFallbackSCSV = PR_TRUE; + break; + + case 'L': + numConnections = atoi(optstate->value); +@@ -2009,22 +2138,19 @@ main(int argc, char **argv) + break; + }; + break; + + case 'N': + echConfigs = PORT_Strdup(optstate->value); + break; + +- case 'i': +- echGreaseSize = PORT_Atoi(optstate->value); +- if (!echGreaseSize || echGreaseSize > 255) { +- fprintf(stderr, "ECH Grease size must be within 1..255 (inclusive).\n"); +- exit(-1); +- } ++ case 'O': ++ clientCertAsyncSelect = PR_FALSE; ++ serverCertAuth.shouldPause = PR_FALSE; + break; + + case 'P': + useDTLS = PR_TRUE; + if (!strcmp(optstate->value, "server")) { + actAsServer = 1; + } else { + if (strcmp(optstate->value, "client")) { +@@ -2052,23 +2178,29 @@ main(int argc, char **argv) + case 'U': + enableSignedCertTimestamps = 1; + break; + + case 'V': + versionString = PORT_Strdup(optstate->value); + break; + ++ case 'W': ++ pwdata.source = PW_FROMFILE; ++ pwdata.data = PORT_Strdup(optstate->value); ++ break; ++ + case 'X': + if (!strcmp(optstate->value, "alt-server-hello")) { + enableAltServerHello = PR_TRUE; + } else { + Usage(); + } + break; ++ + case 'Y': + PrintCipherUsage(); + exit(0); + break; + + case 'Z': + enableZeroRtt = PR_TRUE; + zeroRttData = PORT_ZAlloc(ZERO_RTT_MAX); +@@ -2091,36 +2223,62 @@ main(int argc, char **argv) + case 'b': + loadDefaultRootCAs = PR_TRUE; + break; + + case 'c': + cipherString = PORT_Strdup(optstate->value); + break; + +- case 'g': +- enableFalseStart = 1; +- break; +- + case 'd': + certDir = PORT_Strdup(optstate->value); + break; + + case 'e': + middleboxCompatMode = PR_TRUE; + break; + + case 'f': + clientSpeaksFirst = PR_TRUE; + break; + ++ case 'g': ++ enableFalseStart = 1; ++ break; ++ + case 'h': + host = PORT_Strdup(optstate->value); + break; + ++ case 'i': ++ echGreaseSize = PORT_Atoi(optstate->value); ++ if (!echGreaseSize || echGreaseSize > 255) { ++ fprintf(stderr, "ECH Grease size must be within 1..255 (inclusive).\n"); ++ exit(-1); ++ } ++ break; ++ ++ case 'j': ++ enableZlibCertificateCompression = PR_TRUE; ++ break; ++ ++ case 'k': ++ if (externalCompressionCount >= MAX_EXTERNAL_COMPRESSERS_INDEX) { ++ Usage(progName); ++ break; ++ } ++ rv = parseExternalCompessionString(&externalCompressionValues ++ [externalCompressionCount++], ++ optstate->value); ++ if (rv != SECSuccess) { ++ Usage(progName); ++ break; ++ } ++ break; ++ + case 'm': + multiplier = atoi(optstate->value); + if (multiplier < 0) + multiplier = 0; + break; + + case 'n': + nickname = PORT_Strdup(optstate->value); +@@ -2133,64 +2291,41 @@ main(int argc, char **argv) + case 'p': + portno = (PRUint16)atoi(optstate->value); + break; + + case 'q': + pingServerFirst = PR_TRUE; + break; + ++ case 'r': ++ renegotiationsToDo = atoi(optstate->value); ++ break; ++ + case 's': + disableLocking = 1; + break; + + case 't': + pingTimeoutSeconds = atoi(optstate->value); + break; + + case 'u': + enableSessionTickets = PR_TRUE; + break; + + case 'v': + verbose++; + break; + +- case 'r': +- renegotiationsToDo = atoi(optstate->value); +- break; +- + case 'w': + pwdata.source = PW_PLAINTEXT; + pwdata.data = PORT_Strdup(optstate->value); + break; + +- case 'W': +- pwdata.source = PW_FROMFILE; +- pwdata.data = PORT_Strdup(optstate->value); +- break; +- +- case 'I': +- rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount); +- if (rv != SECSuccess) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "Bad group specified.\n"); +- Usage(); +- } +- break; +- +- case 'J': +- rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount); +- if (rv != SECSuccess) { +- PL_DestroyOptState(optstate); +- fprintf(stderr, "Bad signature scheme specified.\n"); +- Usage(); +- } +- break; +- + case 'x': + rv = parseExporters(optstate->value, + &enabledExporters, + &enabledExporterCount); + if (rv != SECSuccess) { + PL_DestroyOptState(optstate); + fprintf(stderr, "Bad exporter specified.\n"); + Usage(); +@@ -2411,16 +2546,20 @@ done: + PORT_Free(nickname); + PORT_Free(pwdata.data); + PORT_Free(host); + PORT_Free(zeroRttData); + PORT_Free(echConfigs); + SECITEM_ZfreeItem(&psk, PR_FALSE); + SECITEM_ZfreeItem(&pskLabel, PR_FALSE); + ++ for (i=0; i < externalCompressionCount; i++) { ++ secuFreeExternalCompressionEntry(&externalCompressionValues[i]); ++ } ++ + if (enabledGroups) { + PORT_Free(enabledGroups); + } + if (NSS_IsInitialized()) { + SSL_ClearSessionCache(); + if (initializedServerSessionCache) { + if (SSL_ShutdownServerSessionIDCache() != SECSuccess) { + error = 1; +diff --git a/cmd/tstclnt/tstclnt.gyp b/cmd/tstclnt/tstclnt.gyp +--- a/cmd/tstclnt/tstclnt.gyp ++++ b/cmd/tstclnt/tstclnt.gyp +@@ -11,21 +11,22 @@ + 'target_name': 'tstclnt', + 'type': 'executable', + 'sources': [ + 'tstclnt.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:dbm_exports', + '<(DEPTH)/exports.gyp:nss_exports' ++ '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib' + ] + } + ], + 'target_defaults': { + 'defines': [ + 'DLL_PREFIX=\"<(dll_prefix)\"', + 'DLL_SUFFIX=\"<(dll_suffix)\"' + ] + }, + 'variables': { + 'module': 'nss' + } +-} +\ No newline at end of file ++} +diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt +--- a/tests/ssl/sslauth.txt ++++ b/tests/ssl/sslauth.txt +@@ -64,16 +64,19 @@ + ECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_ TLS 1.0 Require client auth on 2nd hs (EC) (client auth) + ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth) + ECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth) + ECC 0 -r_-r_-J_ecdsa\\_secp256r1\\_sha256 -V_tls1.2:_-w_nss TLS 1.2 Require client auth auto select(EC) (client auth) + ECC 0 -r_-r_-J_ecdsa\\_secp256r1\\_sha256,ecdsa\\_secp384r1\\_sha384 -V_tls1.3:_-w_nss TLS 1.3 Require client auth auto select (EC) (client auth) ++ ECC 0 -r_-r_-J_ecdsa\\_secp256r1\\_sha256,ecdsa\\_secp384r1\\_sha384 -V_tls1.3:_-w_nss_-j TLS 1.3 client certificate compression ++ ECC 0 -r_-r_-J_ecdsa\\_secp256r1\\_sha256,ecdsa\\_secp384r1\\_sha384_-q -V_tls1.3:_-w_nss TLS 1.3 server certificate compression ++ ECC 0 -r_-r_-J_ecdsa\\_secp256r1\\_sha256,ecdsa\\_secp384r1\\_sha384_-q -V_tls1.3:_-w_nss_-j TLS 1.3 client/server certificate comlpression + # + # SNI Tests + # + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:tls1.2_-w_nss_-n_TestUser TLS Server hello response without SNI + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions diff --git a/SOURCES/nss-3.101-add-ems-policy.patch b/SOURCES/nss-3.101-add-ems-policy.patch new file mode 100644 index 0000000..6464fbc --- /dev/null +++ b/SOURCES/nss-3.101-add-ems-policy.patch @@ -0,0 +1,107 @@ +diff -up ./lib/pk11wrap/pk11pars.c.ems ./lib/pk11wrap/pk11pars.c +--- ./lib/pk11wrap/pk11pars.c.ems 2024-06-11 13:09:25.956760476 -0700 ++++ ./lib/pk11wrap/pk11pars.c 2024-06-11 13:09:52.837067481 -0700 +@@ -433,6 +433,8 @@ static const oidValDef kxOptList[] = { + { CIPHER_NAME("ECDHE-RSA"), SEC_OID_TLS_ECDHE_RSA, NSS_USE_ALG_IN_SSL_KX }, + { CIPHER_NAME("ECDH-ECDSA"), SEC_OID_TLS_ECDH_ECDSA, NSS_USE_ALG_IN_SSL_KX }, + { CIPHER_NAME("ECDH-RSA"), SEC_OID_TLS_ECDH_RSA, NSS_USE_ALG_IN_SSL_KX }, ++ { CIPHER_NAME("TLS-REQUIRE-EMS"), SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX }, ++ + }; + + static const oidValDef smimeKxOptList[] = { +diff -up ./lib/pk11wrap/secmodti.h.add_ems_policy ./lib/pk11wrap/secmodti.h +--- ./lib/pk11wrap/secmodti.h.add_ems_policy 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/pk11wrap/secmodti.h 2023-06-12 17:18:35.129938514 -0700 +@@ -202,4 +202,10 @@ struct PK11GenericObjectStr { + /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ + #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL + ++/* this oid value could change values if it's added after other new ++ * upstream oids. We protect applications by hiding the define in a private ++ * header file that only NSS sees. Currently it's only available through ++ * the policy code */ ++#define SEC_OID_TLS_REQUIRE_EMS SEC_OID_PRIVATE_1 ++ + #endif /* _SECMODTI_H_ */ +diff -up ./lib/ssl/ssl3con.c.add_ems_policy ./lib/ssl/ssl3con.c +--- ./lib/ssl/ssl3con.c.add_ems_policy 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/ssl/ssl3con.c 2023-06-12 17:18:35.130938525 -0700 +@@ -36,6 +36,7 @@ + #include "pk11func.h" + #include "secmod.h" + #include "blapi.h" ++#include "secmodti.h" /* until SEC_OID_TLS_REQUIRE_EMS is upstream */ + + #include + +@@ -3480,6 +3481,29 @@ ssl3_ComputeMasterSecretInt(sslSocket *s + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; + ++ /* if we are using TLS and we aren't using the extended master secret, ++ * and SEC_OID_TLS_REQUIRE_EMS policy is true, fail. The caller will ++ * send and alert (eventually). In the RSA Server case, the alert ++ * won't happen until Finish time because the upper level code ++ * can't tell a difference between this failure and an RSA decrypt ++ * failure, so it will proceed with a faux key */ ++ if (isTLS) { ++ PRUint32 policy; ++ SECStatus rv; ++ ++ /* first fetch the policy for this algorithm */ ++ rv = NSS_GetAlgorithmPolicy(SEC_OID_TLS_REQUIRE_EMS, &policy); ++ /* we only look at the policy if we can fetch it. */ ++ if (rv == SECSuccess) { ++ if (policy & NSS_USE_ALG_IN_SSL_KX) { ++ /* just set the error, we don't want to map any errors ++ * set by NSS_GetAlgorithmPolicy here */ ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); ++ return SECFailure; ++ } ++ } ++ } ++ + if (isTLS12) { + if (isDH) + master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; +diff -up ./lib/util/secoid.c.ems ./lib/util/secoid.c +--- ./lib/util/secoid.c.ems 2024-06-11 13:11:28.078155282 -0700 ++++ ./lib/util/secoid.c 2024-06-11 13:12:58.511188172 -0700 +@@ -1890,6 +1890,12 @@ const static SECOidData oids[SEC_OID_TOT + ODE(SEC_OID_RC2_64_CBC, "RC2-64-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION), + ODE(SEC_OID_RC2_128_CBC, "RC2-128-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION), + ODE(SEC_OID_ECDH_KEA, "ECDH", CKM_ECDH1_DERIVE, INVALID_CERT_EXTENSION), ++ ++ /* this will change upstream. for now apps shouldn't use it */ ++ /* we need it for the policy code. */ ++ ODE(SEC_OID_PRIVATE_1, ++ "TLS Require EMS", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), ++ + }; + + /* PRIVATE EXTENDED SECOID Table +@@ -2198,6 +2204,10 @@ SECOID_Init(void) + + /* turn off NSS_USE_POLICY_IN_SSL by default */ + xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL; ++ /* turn off TLS REQUIRE EMS by default */ ++ xOids[SEC_OID_PRIVATE_1].notPolicyFlags = ~0; ++ ++ + + envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT"); + if (envVal) +diff -up ./lib/util/secoidt.h.ems ./lib/util/secoidt.h +--- ./lib/util/secoidt.h.ems 2024-06-11 13:16:13.212411967 -0700 ++++ ./lib/util/secoidt.h 2024-06-11 13:16:48.098810434 -0700 +@@ -530,6 +530,9 @@ typedef enum { + SEC_OID_RC2_64_CBC = 385, + SEC_OID_RC2_128_CBC = 386, + SEC_OID_ECDH_KEA = 387, ++ /* this will change upstream. for now apps shouldn't use it */ ++ /* give it an obscure name here */ ++ SEC_OID_PRIVATE_1 = 388, + + SEC_OID_TOTAL + } SECOidTag; diff --git a/SOURCES/nss-3.101-chacha-timing-fix.patch b/SOURCES/nss-3.101-chacha-timing-fix.patch new file mode 100644 index 0000000..ea8756a --- /dev/null +++ b/SOURCES/nss-3.101-chacha-timing-fix.patch @@ -0,0 +1,59 @@ +diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c +--- a/lib/freebl/chacha20poly1305.c ++++ b/lib/freebl/chacha20poly1305.c +@@ -213,27 +213,31 @@ + { + #ifdef NSS_X64 + #ifndef NSS_DISABLE_AVX2 + if (avx2_support()) { + Hacl_Chacha20_Vec256_chacha20_encrypt_256(len, output, block, k, nonce, ctr); ++ return; + } + #endif + + #ifndef NSS_DISABLE_SSE3 + if (ssse3_support() && sse4_1_support() && avx_support()) { + Hacl_Chacha20_Vec128_chacha20_encrypt_128(len, output, block, k, nonce, ctr); ++ return; + } + #endif + + #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \ + !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX) + if (ppc_crypto_support()) { + chacha20vsx(len, output, block, k, nonce, ctr); +- } else ++ return; ++ } + #endif + { + Hacl_Chacha20_chacha20_encrypt(len, output, block, k, nonce, ctr); ++ return; + } + } + #endif /* NSS_DISABLE_CHACHAPOLY */ + + SECStatus +@@ -449,20 +453,18 @@ + (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen, + (uint8_t *)input, output, outTag); + goto finish; + } + #endif +- +- else + #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \ + !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX) + if (ppc_crypto_support()) { + Chacha20Poly1305_vsx_aead_encrypt( + (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen, + (uint8_t *)input, output, outTag); + goto finish; +- } else ++ } + #endif + { + Hacl_Chacha20Poly1305_32_aead_encrypt( + (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen, + (uint8_t *)input, output, outTag); + diff --git a/SOURCES/nss-3.101-disable-ech.patch b/SOURCES/nss-3.101-disable-ech.patch new file mode 100644 index 0000000..3b6e399 --- /dev/null +++ b/SOURCES/nss-3.101-disable-ech.patch @@ -0,0 +1,81 @@ +diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn +--- ./gtests/ssl_gtest/manifest.mn.disable_ech 2024-06-12 13:29:17.162207862 -0700 ++++ ./gtests/ssl_gtest/manifest.mn 2024-06-12 13:30:25.699047788 -0700 +@@ -59,7 +59,6 @@ CPPSRCS = \ + tls_protect.cc \ + tls_psk_unittest.cc \ + tls_subcerts_unittest.cc \ +- tls_ech_unittest.cc \ + tls_xyber_unittest.cc \ + $(SSLKEYLOGFILE_FILES) \ + $(NULL) +diff -up ./lib/ssl/sslsock.c.disable_ech ./lib/ssl/sslsock.c +--- ./lib/ssl/sslsock.c.disable_ech 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/ssl/sslsock.c 2024-06-12 13:29:17.162207862 -0700 +@@ -4415,17 +4415,23 @@ ssl_ClearPRCList(PRCList *list, void (*f + SECStatus + SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.enableTls13GreaseEch = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss || size == 0) { + return SECFailure; +@@ -4439,28 +4445,42 @@ SSLExp_SetTls13GreaseEchSize(PRFileDesc + ssl_Release1stHandshakeLock(ss); + + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.enableTls13BackendEch = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.callExtensionWriterOnEchInner = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus diff --git a/SOURCES/nss-3.101-disable-md5.patch b/SOURCES/nss-3.101-disable-md5.patch new file mode 100644 index 0000000..56e1c58 --- /dev/null +++ b/SOURCES/nss-3.101-disable-md5.patch @@ -0,0 +1,81 @@ +diff -up ./lib/pk11wrap/pk11pars.c.no_md ./lib/pk11wrap/pk11pars.c +--- ./lib/pk11wrap/pk11pars.c.no_md 2024-06-11 12:41:35.054654990 -0700 ++++ ./lib/pk11wrap/pk11pars.c 2024-06-11 12:46:25.347979894 -0700 +@@ -329,14 +329,11 @@ static const oidValDef curveOptList[] = + static const oidValDef hashOptList[] = { + /* Hashes */ + { CIPHER_NAME("MD2"), SEC_OID_MD2, +- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE | NSS_USE_ALG_IN_SMIME | +- NSS_USE_ALG_IN_PKCS12 }, ++ NSS_USE_ALG_IN_SMIME_LEGACY | NSS_USE_ALG_IN_PKCS12_DECRYPT }, + { CIPHER_NAME("MD4"), SEC_OID_MD4, +- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE | NSS_USE_ALG_IN_SMIME | +- NSS_USE_ALG_IN_PKCS12 }, ++ NSS_USE_ALG_IN_SMIME_LEGACY | NSS_USE_ALG_IN_PKCS12_DECRYPT }, + { CIPHER_NAME("MD5"), SEC_OID_MD5, +- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE | NSS_USE_ALG_IN_SMIME | +- NSS_USE_ALG_IN_PKCS12 }, ++ NSS_USE_ALG_IN_SMIME_LEGACY | NSS_USE_ALG_IN_PKCS12_DECRYPT }, + { CIPHER_NAME("SHA1"), SEC_OID_SHA1, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE | NSS_USE_ALG_IN_SMIME | + NSS_USE_ALG_IN_PKCS12 }, +diff -up ./lib/util/secoid.c.no_md ./lib/util/secoid.c +diff -r 699541a7793b lib/util/secoid.c +--- a/lib/util/secoid.c Tue Jun 16 23:03:22 2020 +0000 ++++ b/lib/util/secoid.c Thu Jun 25 14:33:09 2020 +0200 +@@ -2042,6 +2042,19 @@ + int i; + + for (i = 1; i < SEC_OID_TOTAL; i++) { ++ switch (i) { ++ case SEC_OID_MD2: ++ case SEC_OID_MD4: ++ case SEC_OID_MD5: ++ case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: ++ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: ++ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: ++ case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC: ++ case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC: ++ continue; ++ default: ++ break; ++ } + if (oids[i].desc && strstr(arg, oids[i].desc)) { + xOids[i].notPolicyFlags = notEnable | + (xOids[i].notPolicyFlags & ~(DEF_FLAGS)); +diff -up ./tests/tools/pkcs12policy.txt.disable_md5_test ./tests/tools/pkcs12policy.txt +--- ./tests/tools/pkcs12policy.txt.disable_md5_test 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/tools/pkcs12policy.txt 2024-06-19 11:15:46.666728170 -0700 +@@ -91,21 +91,21 @@ + 0 18 allow_all disallow=rc2 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC4 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC SHA-1 disallow rc2 (read), RC4 and RC2 + # integrity policy check the various has based controls. + # NOTE: md4, md2, and md5 are turned off by policy by default for encrypting +-# (decrypting is fine). To be enabled, you must allow=all or allow=mdX on the ++# (decrypting is fine). To be enabled, you must allow=mdX/pkcs12 on the + # encryption side. These tests purposefully tests that the default fails to encrypt + # but succeeds when decrypting. + 27 x allow=tls allow=tls PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Use default policy with multiple hashes +- 0 0 allow=all allow=tls PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Allow all encrypt, use default decrypt with multiple hashes +- 0 0 allow=all allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Allow all with multiple hashes +- 28 x disallow=sha1_allow=md2 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on write ++ 0 0 allow=md2/pkcs12 allow=tls PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Allow all encrypt, use default decrypt with multiple hashes ++ 0 0 allow=md2/pkcs12 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Allow all with multiple hashes ++ 28 x disallow=sha1_allow=md2/pkcs12 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on write + 27 x disallow=md2 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow md2 on write +- 29 x disallow=sha256_allow=md2 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on write +- 0 19 allow=all disallow=sha1 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on read +- 0 18 allow=all disallow=md2 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow md2 on read +- 0 17 allow=all disallow=sha256 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on read +- 0 0 allow=all disallow=md2/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow md2 on read +- 0 0 allow=all disallow=sha1/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on read +- 0 0 allow=all disallow=sha256/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on read ++ 29 x disallow=sha256_allow=md2/pkcs12 allow=all PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on write ++ 0 19 allow=all:md2/pkcs12 disallow=sha1 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on read ++ 0 18 allow=md2/pkcs12 disallow=md2 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow md2 on read ++ 0 17 allow=md2/pkcs12 disallow=sha256 PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on read ++ 0 0 allow=md2/pkcs12 disallow=md2/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow md2 on read ++ 0 0 allow=md2/pkcs12 disallow=sha1/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha1 on read ++ 0 0 allow=md2/pkcs12 disallow=sha256/pkcs12-encrypt PKCS_#12_V2_PBE_With_SHA-1_And_128_Bit_RC2_CBC PKCS_#5_Password_Based_Encryption_with_MD2_and_DES-CBC SHA-256 Disallow sha256 on read + 0 0 allow=all allow=all AES-128-CBC AES-128-CBC HMAC_SHA-256 + 29 x disallow=hmac-sha256 allow=all AES-128-CBC AES-128-CBC HMAC_SHA-256 + 0 18 allow=all disallow=hmac-sha256 AES-128-CBC AES-128-CBC HMAC_SHA-256 diff --git a/SOURCES/nss-3.101-disable_dsa.patch b/SOURCES/nss-3.101-disable_dsa.patch new file mode 100644 index 0000000..d51ad50 --- /dev/null +++ b/SOURCES/nss-3.101-disable_dsa.patch @@ -0,0 +1,1347 @@ +diff -up ./cmd/pk11mode/pk11mode.c.disable_dsa ./cmd/pk11mode/pk11mode.c +--- ./cmd/pk11mode/pk11mode.c.disable_dsa 2024-06-17 09:39:06.137190654 -0700 ++++ ./cmd/pk11mode/pk11mode.c 2024-06-17 09:39:12.265257501 -0700 +@@ -578,7 +578,7 @@ main(int argc, char **argv) + } + + /* +- * PKM_KeyTest creates RSA,DSA public keys ++ * PKM_KeyTest creates RSA,ECDSA public keys + * and AES, DES3 secret keys. + * then does digest, hmac, encrypt/decrypt, signing operations. + */ +@@ -793,19 +793,14 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + + CK_RV crv = CKR_OK; + +- /*** DSA Key ***/ +- CK_MECHANISM dsaParamGenMech; +- CK_ULONG primeBits = 1024; +- CK_ATTRIBUTE dsaParamGenTemplate[1]; +- CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE; +- CK_BYTE DSA_P[128]; +- CK_BYTE DSA_Q[20]; +- CK_BYTE DSA_G[128]; +- CK_MECHANISM dsaKeyPairGenMech; +- CK_ATTRIBUTE dsaPubKeyTemplate[5]; +- CK_ATTRIBUTE dsaPrivKeyTemplate[5]; +- CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE; +- CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE; ++ /*** ECDSA Key ***/ ++ CK_BYTE ECDSA_P256_PARAMS[] = ++ { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; ++ CK_MECHANISM ecdsaKeyPairGenMech; ++ CK_ATTRIBUTE ecdsaPubKeyTemplate[3]; ++ CK_ATTRIBUTE ecdsaPrivKeyTemplate[5]; ++ CK_OBJECT_HANDLE hECDSApubKey = CK_INVALID_HANDLE; ++ CK_OBJECT_HANDLE hECDSAprivKey = CK_INVALID_HANDLE; + + /**** RSA Key ***/ + CK_KEY_TYPE rsatype = CKK_RSA; +@@ -840,8 +835,8 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + CK_ATTRIBUTE sDES3KeyTemplate[9]; + CK_OBJECT_HANDLE hDES3SecKey; + +- CK_MECHANISM dsaWithSha1Mech = { +- CKM_DSA_SHA1, NULL, 0 ++ CK_MECHANISM ecdsaWithSha256Mech = { ++ CKM_ECDSA_SHA256, NULL, 0 + }; + + CK_BYTE IV[16]; +@@ -888,45 +883,33 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + NUMTESTS++; /* increment NUMTESTS */ + + /* DSA key init */ +- dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN; +- dsaParamGenMech.pParameter = NULL_PTR; +- dsaParamGenMech.ulParameterLen = 0; +- dsaParamGenTemplate[0].type = CKA_PRIME_BITS; +- dsaParamGenTemplate[0].pValue = &primeBits; +- dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); +- dsaPubKeyTemplate[0].type = CKA_PRIME; +- dsaPubKeyTemplate[0].pValue = DSA_P; +- dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); +- dsaPubKeyTemplate[1].type = CKA_SUBPRIME; +- dsaPubKeyTemplate[1].pValue = DSA_Q; +- dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); +- dsaPubKeyTemplate[2].type = CKA_BASE; +- dsaPubKeyTemplate[2].pValue = DSA_G; +- dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); +- dsaPubKeyTemplate[3].type = CKA_TOKEN; +- dsaPubKeyTemplate[3].pValue = &true; +- dsaPubKeyTemplate[3].ulValueLen = sizeof(true); +- dsaPubKeyTemplate[4].type = CKA_VERIFY; +- dsaPubKeyTemplate[4].pValue = &true; +- dsaPubKeyTemplate[4].ulValueLen = sizeof(true); +- dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN; +- dsaKeyPairGenMech.pParameter = NULL_PTR; +- dsaKeyPairGenMech.ulParameterLen = 0; +- dsaPrivKeyTemplate[0].type = CKA_TOKEN; +- dsaPrivKeyTemplate[0].pValue = &true; +- dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[1].type = CKA_PRIVATE; +- dsaPrivKeyTemplate[1].pValue = &true; +- dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[2].type = CKA_SENSITIVE; +- dsaPrivKeyTemplate[2].pValue = &true; +- dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[3].type = CKA_SIGN, +- dsaPrivKeyTemplate[3].pValue = &true; +- dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE; +- dsaPrivKeyTemplate[4].pValue = &true; +- dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); ++ ecdsaPubKeyTemplate[0].type = CKA_EC_PARAMS; ++ ecdsaPubKeyTemplate[0].pValue = ECDSA_P256_PARAMS; ++ ecdsaPubKeyTemplate[0].ulValueLen = sizeof(ECDSA_P256_PARAMS); ++ ecdsaPubKeyTemplate[1].type = CKA_TOKEN; ++ ecdsaPubKeyTemplate[1].pValue = &true; ++ ecdsaPubKeyTemplate[1].ulValueLen = sizeof(true); ++ ecdsaPubKeyTemplate[2].type = CKA_VERIFY; ++ ecdsaPubKeyTemplate[2].pValue = &true; ++ ecdsaPubKeyTemplate[2].ulValueLen = sizeof(true); ++ ecdsaKeyPairGenMech.mechanism = CKM_ECDSA_KEY_PAIR_GEN; ++ ecdsaKeyPairGenMech.pParameter = NULL_PTR; ++ ecdsaKeyPairGenMech.ulParameterLen = 0; ++ ecdsaPrivKeyTemplate[0].type = CKA_TOKEN; ++ ecdsaPrivKeyTemplate[0].pValue = &true; ++ ecdsaPrivKeyTemplate[0].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[1].type = CKA_PRIVATE; ++ ecdsaPrivKeyTemplate[1].pValue = &true; ++ ecdsaPrivKeyTemplate[1].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[2].type = CKA_SENSITIVE; ++ ecdsaPrivKeyTemplate[2].pValue = &true; ++ ecdsaPrivKeyTemplate[2].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[3].type = CKA_SIGN, ++ ecdsaPrivKeyTemplate[3].pValue = &true; ++ ecdsaPrivKeyTemplate[3].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE; ++ ecdsaPrivKeyTemplate[4].pValue = &true; ++ ecdsaPrivKeyTemplate[4].ulValueLen = sizeof(true); + + /* RSA key init */ + rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; +@@ -1148,52 +1131,18 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + return crv; + } + +- PKM_LogIt("Generate DSA PQG domain parameters ... \n"); +- /* Generate DSA domain parameters PQG */ +- crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech, +- dsaParamGenTemplate, +- 1, +- &hDsaParams); ++ PKM_LogIt("Generate a ECDSA key pair ... \n"); ++ /* Generate a persistent ECDSA key pair */ ++ crv = pFunctionList->C_GenerateKeyPair(hRwSession, &ecdsaKeyPairGenMech, ++ ecdsaPubKeyTemplate, ++ NUM_ELEM(ecdsaPubKeyTemplate), ++ ecdsaPrivKeyTemplate, ++ NUM_ELEM(ecdsaPrivKeyTemplate), ++ &hECDSApubKey, &hECDSAprivKey); + if (crv == CKR_OK) { +- PKM_LogIt("DSA domain parameter generation succeeded\n"); ++ PKM_LogIt("ECDSA key pair generation succeeded\n"); + } else { +- PKM_Error("DSA domain parameter generation failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams, +- dsaPubKeyTemplate, 3); +- if (crv == CKR_OK) { +- PKM_LogIt("Getting DSA domain parameters succeeded\n"); +- } else { +- PKM_Error("Getting DSA domain parameters failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams); +- if (crv == CKR_OK) { +- PKM_LogIt("Destroying DSA domain parameters succeeded\n"); +- } else { +- PKM_Error("Destroying DSA domain parameters failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- +- PKM_LogIt("Generate a DSA key pair ... \n"); +- /* Generate a persistent DSA key pair */ +- crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech, +- dsaPubKeyTemplate, +- NUM_ELEM(dsaPubKeyTemplate), +- dsaPrivKeyTemplate, +- NUM_ELEM(dsaPrivKeyTemplate), +- &hDSApubKey, &hDSAprivKey); +- if (crv == CKR_OK) { +- PKM_LogIt("DSA key pair generation succeeded\n"); +- } else { +- PKM_Error("DSA key pair generation failed " ++ PKM_Error("ECDSA key pair generation failed " + "with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); + return crv; +@@ -1414,10 +1363,10 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + } /* end of RSA for loop */ + + crv = PKM_PubKeySign(pFunctionList, hRwSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, PLAINTEXT, sizeof(PLAINTEXT)); + if (crv == CKR_OK) { +- PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n"); ++ PKM_LogIt("PKM_PubKeySign for ECDSAwithSHA256 succeeded \n\n"); + } else { + PKM_Error("PKM_PubKeySign failed " + "with 0x%08X, %-26s\n", +@@ -1425,8 +1374,8 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + return crv; + } + crv = PKM_DualFuncSign(pFunctionList, hRwSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, + hAESSecKey, &mech_AES_CBC, + PLAINTEXT, sizeof(PLAINTEXT)); + if (crv == CKR_OK) { +@@ -1439,44 +1388,44 @@ PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunct + return crv; + } + crv = PKM_DualFuncSign(pFunctionList, hRwSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, + hDES3SecKey, &mech_DES3_CBC, + PLAINTEXT, sizeof(PLAINTEXT)); + if (crv == CKR_OK) { + PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded " +- "for DSAWithSHA1\n\n"); ++ "for ECDSAWithSHA256\n\n"); + } else { + PKM_Error("PKM_DualFuncSign with DES3 secret key failed " +- "for DSAWithSHA1 with 0x%08X, %-26s\n", ++ "for ECDSAWithSHA256 with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); + return crv; + } + crv = PKM_DualFuncSign(pFunctionList, hRwSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, + hAESSecKey, &mech_AES_CBC_PAD, + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); + if (crv == CKR_OK) { + PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded " +- "for DSAWithSHA1\n\n"); ++ "for DSAWithSHA256\n\n"); + } else { + PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed " +- "for DSAWithSHA1 with 0x%08X, %-26s\n", ++ "for DSAWithSHA256 with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); + return crv; + } + crv = PKM_DualFuncSign(pFunctionList, hRwSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, + hDES3SecKey, &mech_DES3_CBC_PAD, + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); + if (crv == CKR_OK) { + PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded " +- "for DSAWithSHA1\n\n"); ++ "for ECDSAWithSHA256\n\n"); + } else { + PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed " +- "for DSAWithSHA1 with 0x%08X, %-26s\n", ++ "for ECDSAWithSHA256 with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); + return crv; + } +@@ -3029,7 +2978,7 @@ PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFun + } + + /* Check that the mechanism is Multi-part */ +- if (signMech->mechanism == CKM_DSA || ++ if (signMech->mechanism == CKM_ECDSA || + signMech->mechanism == CKM_RSA_PKCS) { + return crv; + } +@@ -3083,6 +3032,7 @@ PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFun + return crv; + } + ++#define SHA256_LENGTH 32 + CK_RV + PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, + CK_SLOT_ID *pSlotList, +@@ -3092,19 +3042,14 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + CK_SESSION_HANDLE hSession; + CK_RV crv = CKR_OK; + +- /*** DSA Key ***/ +- CK_MECHANISM dsaParamGenMech; +- CK_ULONG primeBits = 1024; +- CK_ATTRIBUTE dsaParamGenTemplate[1]; +- CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE; +- CK_BYTE DSA_P[128]; +- CK_BYTE DSA_Q[20]; +- CK_BYTE DSA_G[128]; +- CK_MECHANISM dsaKeyPairGenMech; +- CK_ATTRIBUTE dsaPubKeyTemplate[5]; +- CK_ATTRIBUTE dsaPrivKeyTemplate[5]; +- CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE; +- CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE; ++ /*** ECDSA Key ***/ ++ CK_MECHANISM ecdsaKeyPairGenMech; ++ CK_ATTRIBUTE ecdsaPubKeyTemplate[3]; ++ CK_ATTRIBUTE ecdsaPrivKeyTemplate[5]; ++ CK_OBJECT_HANDLE hECDSApubKey = CK_INVALID_HANDLE; ++ CK_OBJECT_HANDLE hECDSAprivKey = CK_INVALID_HANDLE; ++ CK_BYTE ECDSA_P256_PARAMS[] = ++ { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; + + /* From SHA1ShortMsg.req, Len = 136 */ + CK_BYTE MSG[] = { +@@ -3115,69 +3060,57 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + 0x44 + }; + CK_BYTE MD[] = { +- 0xf7, 0x5d, 0x92, 0xa4, +- 0xbb, 0x4d, 0xec, 0xc3, +- 0x7c, 0x5c, 0x72, 0xfa, +- 0x04, 0x75, 0x71, 0x0a, +- 0x06, 0x75, 0x8c, 0x1d ++ 0x88, 0x78, 0xe1, 0x1e, ++ 0x63, 0x74, 0xa9, 0xd9, ++ 0x90, 0xd0, 0xeb, 0x2c, ++ 0xeb, 0x62, 0x2b, 0x04, ++ 0x53, 0x9f, 0xa0, 0xfc + }; + +- CK_BYTE sha1Digest[20]; +- CK_ULONG sha1DigestLen; +- CK_BYTE dsaSig[40]; +- CK_ULONG dsaSigLen; +- CK_MECHANISM sha1Mech = { +- CKM_SHA_1, NULL, 0 ++ CK_BYTE sha256Digest[SHA256_LENGTH]; ++ CK_ULONG sha256DigestLen; ++ CK_BYTE ecdsaSig[SHA256_LENGTH*2+1]; ++ CK_ULONG ecdsaSigLen; ++ CK_MECHANISM sha256Mech = { ++ CKM_SHA256, NULL, 0 + }; +- CK_MECHANISM dsaMech = { +- CKM_DSA, NULL, 0 ++ CK_MECHANISM ecdsaMech = { ++ CKM_ECDSA, NULL, 0 + }; +- CK_MECHANISM dsaWithSha1Mech = { +- CKM_DSA_SHA1, NULL, 0 ++ CK_MECHANISM ecdsaWithSha256Mech = { ++ CKM_ECDSA_SHA256, NULL, 0 + }; + + NUMTESTS++; /* increment NUMTESTS */ + +- /* DSA key init */ +- dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN; +- dsaParamGenMech.pParameter = NULL_PTR; +- dsaParamGenMech.ulParameterLen = 0; +- dsaParamGenTemplate[0].type = CKA_PRIME_BITS; +- dsaParamGenTemplate[0].pValue = &primeBits; +- dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); +- dsaPubKeyTemplate[0].type = CKA_PRIME; +- dsaPubKeyTemplate[0].pValue = DSA_P; +- dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); +- dsaPubKeyTemplate[1].type = CKA_SUBPRIME; +- dsaPubKeyTemplate[1].pValue = DSA_Q; +- dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); +- dsaPubKeyTemplate[2].type = CKA_BASE; +- dsaPubKeyTemplate[2].pValue = DSA_G; +- dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); +- dsaPubKeyTemplate[3].type = CKA_TOKEN; +- dsaPubKeyTemplate[3].pValue = &true; +- dsaPubKeyTemplate[3].ulValueLen = sizeof(true); +- dsaPubKeyTemplate[4].type = CKA_VERIFY; +- dsaPubKeyTemplate[4].pValue = &true; +- dsaPubKeyTemplate[4].ulValueLen = sizeof(true); +- dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN; +- dsaKeyPairGenMech.pParameter = NULL_PTR; +- dsaKeyPairGenMech.ulParameterLen = 0; +- dsaPrivKeyTemplate[0].type = CKA_TOKEN; +- dsaPrivKeyTemplate[0].pValue = &true; +- dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[1].type = CKA_PRIVATE; +- dsaPrivKeyTemplate[1].pValue = &true; +- dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[2].type = CKA_SENSITIVE; +- dsaPrivKeyTemplate[2].pValue = &true; +- dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[3].type = CKA_SIGN, +- dsaPrivKeyTemplate[3].pValue = &true; +- dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); +- dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE; +- dsaPrivKeyTemplate[4].pValue = &true; +- dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); ++ /* ECDSA key init */ ++ ecdsaPubKeyTemplate[0].type = CKA_EC_PARAMS; ++ ecdsaPubKeyTemplate[0].pValue = ECDSA_P256_PARAMS; ++ ecdsaPubKeyTemplate[0].ulValueLen = sizeof(ECDSA_P256_PARAMS); ++ ecdsaPubKeyTemplate[1].type = CKA_TOKEN; ++ ecdsaPubKeyTemplate[1].pValue = &true; ++ ecdsaPubKeyTemplate[1].ulValueLen = sizeof(true); ++ ecdsaPubKeyTemplate[2].type = CKA_VERIFY; ++ ecdsaPubKeyTemplate[2].pValue = &true; ++ ecdsaPubKeyTemplate[2].ulValueLen = sizeof(true); ++ ecdsaKeyPairGenMech.mechanism = CKM_ECDSA_KEY_PAIR_GEN; ++ ecdsaKeyPairGenMech.pParameter = NULL_PTR; ++ ecdsaKeyPairGenMech.ulParameterLen = 0; ++ ecdsaPrivKeyTemplate[0].type = CKA_TOKEN; ++ ecdsaPrivKeyTemplate[0].pValue = &true; ++ ecdsaPrivKeyTemplate[0].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[1].type = CKA_PRIVATE; ++ ecdsaPrivKeyTemplate[1].pValue = &true; ++ ecdsaPrivKeyTemplate[1].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[2].type = CKA_SENSITIVE; ++ ecdsaPrivKeyTemplate[2].pValue = &true; ++ ecdsaPrivKeyTemplate[2].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[3].type = CKA_SIGN, ++ ecdsaPrivKeyTemplate[3].pValue = &true; ++ ecdsaPrivKeyTemplate[3].ulValueLen = sizeof(true); ++ ecdsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE; ++ ecdsaPrivKeyTemplate[4].pValue = &true; ++ ecdsaPrivKeyTemplate[4].ulValueLen = sizeof(true); + + crv = pFunctionList->C_OpenSession(pSlotList[slotID], + CKF_RW_SESSION | CKF_SERIAL_SESSION, +@@ -3198,88 +3131,60 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + return crv; + } + +- PKM_LogIt("Generate DSA PQG domain parameters ... \n"); +- /* Generate DSA domain parameters PQG */ +- crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech, +- dsaParamGenTemplate, +- 1, +- &hDsaParams); +- if (crv == CKR_OK) { +- PKM_LogIt("DSA domain parameter generation succeeded\n"); +- } else { +- PKM_Error("DSA domain parameter generation failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams, +- dsaPubKeyTemplate, 3); +- if (crv == CKR_OK) { +- PKM_LogIt("Getting DSA domain parameters succeeded\n"); +- } else { +- PKM_Error("Getting DSA domain parameters failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- crv = pFunctionList->C_DestroyObject(hSession, hDsaParams); +- if (crv == CKR_OK) { +- PKM_LogIt("Destroying DSA domain parameters succeeded\n"); +- } else { +- PKM_Error("Destroying DSA domain parameters failed " +- "with 0x%08X, %-26s\n", +- crv, PKM_CK_RVtoStr(crv)); +- return crv; +- } +- +- PKM_LogIt("Generate a DSA key pair ... \n"); +- /* Generate a persistent DSA key pair */ +- crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech, +- dsaPubKeyTemplate, +- NUM_ELEM(dsaPubKeyTemplate), +- dsaPrivKeyTemplate, +- NUM_ELEM(dsaPrivKeyTemplate), +- &hDSApubKey, &hDSAprivKey); ++ PKM_LogIt("Generate a ECDSA key pair ... \n"); ++ /* Generate a persistent ECDSA key pair */ ++ crv = pFunctionList->C_GenerateKeyPair(hSession, &ecdsaKeyPairGenMech, ++ ecdsaPubKeyTemplate, ++ NUM_ELEM(ecdsaPubKeyTemplate), ++ ecdsaPrivKeyTemplate, ++ NUM_ELEM(ecdsaPrivKeyTemplate), ++ &hECDSApubKey, &hECDSAprivKey); + if (crv == CKR_OK) { +- PKM_LogIt("DSA key pair generation succeeded\n"); ++ PKM_LogIt("ECDSA key pair generation succeeded\n"); + } else { +- PKM_Error("DSA key pair generation failed " ++ PKM_Error("ECDSA key pair generation failed " + "with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); + return crv; + } + + /* Compute SHA-1 digest */ +- crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); ++ crv = pFunctionList->C_DigestInit(hSession, &sha256Mech); + if (crv != CKR_OK) { + PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- sha1DigestLen = sizeof(sha1Digest); ++ sha256DigestLen = sizeof(sha256Digest); + crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), +- sha1Digest, &sha1DigestLen); ++ sha256Digest, &sha256DigestLen); + if (crv != CKR_OK) { + PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- if (sha1DigestLen != sizeof(sha1Digest)) { +- PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen); ++ if (sha256DigestLen != sizeof(sha256Digest)) { ++ PKM_Error("sha1DigestLen is %lu\n", sha256DigestLen); + return crv; + } + +- if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) { +- PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n"); ++ if (memcmp(sha256Digest, MD, sizeof(MD)) == 0) { ++ PKM_LogIt("SHA-256 SHA256ShortMsg test case Len = 136 passed\n"); + } else { +- PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n"); ++ int i; ++ PKM_Error("SHA-256 SHA256ShortMsg test case Len = 136 failed\n"); ++ fprintf(stderr, "sha256Digest: "); ++ for (i=0; i < sizeof(MD); i++) fprintf(stderr, " 0x%02x", sha256Digest[i]); ++ fprintf(stderr, "\nMD: "); ++ for (i=0; i < sizeof(MD); i++) fprintf(stderr, " 0x%02x", MD[i]); ++ fprintf(stderr, "\n"); + } + + crv = PKM_PubKeySign(pFunctionList, hSession, +- hDSApubKey, hDSAprivKey, +- &dsaMech, sha1Digest, sizeof(sha1Digest)); ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaMech, sha256Digest, sizeof(sha256Digest)); + if (crv == CKR_OK) { +- PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n"); ++ PKM_LogIt("PKM_PubKeySign CKM_ECDSA succeeded \n"); + } else { + PKM_Error("PKM_PubKeySign failed " + "with 0x%08X, %-26s\n", +@@ -3287,10 +3192,10 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + return crv; + } + crv = PKM_PubKeySign(pFunctionList, hSession, +- hDSApubKey, hDSAprivKey, +- &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); ++ hECDSApubKey, hECDSAprivKey, ++ &ecdsaWithSha256Mech, PLAINTEXT, sizeof(PLAINTEXT)); + if (crv == CKR_OK) { +- PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n"); ++ PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA256 succeeded \n"); + } else { + PKM_Error("PKM_PubKeySign failed " + "with 0x%08X, %-26s\n", +@@ -3298,16 +3203,16 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + return crv; + } + +- /* Sign with DSA */ +- crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey); ++ /* Sign with ECDSA */ ++ crv = pFunctionList->C_SignInit(hSession, &ecdsaMech, hECDSAprivKey); + if (crv != CKR_OK) { + PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- dsaSigLen = sizeof(dsaSig); +- crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen, +- dsaSig, &dsaSigLen); ++ ecdsaSigLen = sizeof(ecdsaSig); ++ crv = pFunctionList->C_Sign(hSession, sha256Digest, sha256DigestLen, ++ ecdsaSig, &ecdsaSigLen); + if (crv != CKR_OK) { + PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); +@@ -3315,14 +3220,14 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + } + + /* Verify the DSA signature */ +- crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); ++ crv = pFunctionList->C_VerifyInit(hSession, &ecdsaMech, hECDSApubKey); + if (crv != CKR_OK) { + PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, +- dsaSig, dsaSigLen); ++ crv = pFunctionList->C_Verify(hSession, sha256Digest, sha256DigestLen, ++ ecdsaSig, ecdsaSigLen); + if (crv == CKR_OK) { + PKM_LogIt("C_Verify succeeded\n"); + } else { +@@ -3332,8 +3237,8 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + } + + /* Verify the signature in a different way */ +- crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, +- hDSApubKey); ++ crv = pFunctionList->C_VerifyInit(hSession, &ecdsaWithSha256Mech, ++ hECDSApubKey); + if (crv != CKR_OK) { + PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); +@@ -3351,7 +3256,7 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + PKM_CK_RVtoStr(crv)); + return crv; + } +- crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); ++ crv = pFunctionList->C_VerifyFinal(hSession, ecdsaSig, ecdsaSigLen); + if (crv == CKR_OK) { + PKM_LogIt("C_VerifyFinal succeeded\n"); + } else { +@@ -3361,8 +3266,8 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + } + + /* Verify the signature in a different way */ +- crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, +- hDSApubKey); ++ crv = pFunctionList->C_VerifyInit(hSession, &ecdsaWithSha256Mech, ++ hECDSApubKey); + if (crv != CKR_OK) { + PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", + crv, PKM_CK_RVtoStr(crv)); +@@ -3380,7 +3285,7 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + crv, PKM_CK_RVtoStr(crv)); + return crv; + } +- crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); ++ crv = pFunctionList->C_VerifyFinal(hSession, ecdsaSig, ecdsaSigLen); + if (crv == CKR_OK) { + PKM_LogIt("C_VerifyFinal of multi update succeeded.\n"); + } else { +@@ -3391,28 +3296,28 @@ PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunc + /* Now modify the data */ + MSG[0] += 1; + /* Compute SHA-1 digest */ +- crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); ++ crv = pFunctionList->C_DigestInit(hSession, &sha256Mech); + if (crv != CKR_OK) { + PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- sha1DigestLen = sizeof(sha1Digest); ++ sha256DigestLen = sizeof(sha256Digest); + crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), +- sha1Digest, &sha1DigestLen); ++ sha256Digest, &sha256DigestLen); + if (crv != CKR_OK) { + PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); ++ crv = pFunctionList->C_VerifyInit(hSession, &ecdsaMech, hECDSApubKey); + if (crv != CKR_OK) { + PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, + PKM_CK_RVtoStr(crv)); + return crv; + } +- crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, +- dsaSig, dsaSigLen); ++ crv = pFunctionList->C_Verify(hSession, sha256Digest, sha256DigestLen, ++ ecdsaSig, ecdsaSigLen); + if (crv != CKR_SIGNATURE_INVALID) { + PKM_Error("C_Verify of modified data succeeded\n"); + return crv; +@@ -5020,7 +4925,7 @@ PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pF + NUMTESTS++; /* increment NUMTESTS */ + + /* Check that the mechanism is Multi-part */ +- if (sigMech->mechanism == CKM_DSA || sigMech->mechanism == CKM_RSA_PKCS) { ++ if (sigMech->mechanism == CKM_ECDSA || sigMech->mechanism == CKM_RSA_PKCS) { + PKM_Error("PKM_DualFuncSign must be called with a Multi-part " + "operation mechanism\n"); + return CKR_DEVICE_ERROR; +diff -up ./coreconf/config.mk.disable_dsa ./coreconf/config.mk +--- ./coreconf/config.mk.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./coreconf/config.mk 2024-06-17 09:38:50.438019407 -0700 +@@ -183,6 +183,10 @@ ifdef NSS_DISABLE_DBM + DEFINES += -DNSS_DISABLE_DBM + endif + ++ifdef NSS_DISABLE_DSA ++DEFINES += -DNSS_DISABLE_DSA ++endif ++ + ifdef NSS_DISABLE_AVX2 + DEFINES += -DNSS_DISABLE_AVX2 + endif +diff -up ./gtests/pk11_gtest/manifest.mn.disable_dsa ./gtests/pk11_gtest/manifest.mn +--- ./gtests/pk11_gtest/manifest.mn.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/pk11_gtest/manifest.mn 2024-06-17 09:38:50.438019407 -0700 +@@ -6,6 +6,10 @@ CORE_DEPTH = ../.. + DEPTH = ../.. + MODULE = nss + ++ifndef NSS_DISABLE_DSA ++ DSA_UNIT_TESTS=pk11_dsa_unittest.cc ++endif ++ + CPPSRCS = \ + json_reader.cc \ + pk11_aes_gcm_unittest.cc \ +@@ -17,7 +21,7 @@ CPPSRCS = \ + pk11_curve25519_unittest.cc \ + pk11_der_private_key_import_unittest.cc \ + pk11_des_unittest.cc \ +- pk11_dsa_unittest.cc \ ++ ${DSA_UNIT_TESTS} \ + pk11_ecdsa_unittest.cc \ + pk11_eddsa_unittest.cc \ + pk11_ecdh_unittest.cc \ +diff -up ./gtests/pk11_gtest/pk11_import_unittest.cc.disable_dsa ./gtests/pk11_gtest/pk11_import_unittest.cc +--- ./gtests/pk11_gtest/pk11_import_unittest.cc.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/pk11_gtest/pk11_import_unittest.cc 2024-06-17 09:38:50.438019407 -0700 +@@ -261,7 +261,9 @@ TEST_P(Pk11KeyImportTest, GenerateExport + + INSTANTIATE_TEST_SUITE_P(Pk11KeyImportTest, Pk11KeyImportTest, + ::testing::Values(CKM_RSA_PKCS_KEY_PAIR_GEN, ++#ifndef NSS_DISABLE_DSA + CKM_DSA_KEY_PAIR_GEN, ++#endif + CKM_DH_PKCS_KEY_PAIR_GEN)); + + class Pk11KeyImportTestEC : public Pk11KeyImportTestBase, +diff -up ./gtests/ssl_gtest/ssl_auth_unittest.cc.disable_dsa ./gtests/ssl_gtest/ssl_auth_unittest.cc +--- ./gtests/ssl_gtest/ssl_auth_unittest.cc.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_auth_unittest.cc 2024-06-17 09:38:50.438019407 -0700 +@@ -532,6 +532,7 @@ TEST_P(TlsConnectTls12, AutoClientSelect + EXPECT_TRUE(ecc.hookCalled); + } + ++#ifndef NSS_DISABLE_DSA + TEST_P(TlsConnectTls12, AutoClientSelectDsa) { + AutoClientResults dsa = {{SECFailure, TlsAgent::kClient}, + {SECFailure, TlsAgent::kClient}, +@@ -548,6 +549,7 @@ TEST_P(TlsConnectTls12, AutoClientSelect + Connect(); + EXPECT_TRUE(dsa.hookCalled); + } ++#endif + + TEST_P(TlsConnectClientAuthStream13, PostHandshakeAuthMultiple) { + client_->SetupClientAuth(std::get<2>(GetParam()), true); +@@ -1841,7 +1843,7 @@ TEST_F(TlsAgentStreamTestServer, Configu + // A server should refuse to even start a handshake with + // misconfigured certificate and signature scheme. + TEST_P(TlsConnectTls12Plus, MisconfiguredCertScheme) { +- Reset(TlsAgent::kServerDsa); ++ Reset(TlsAgent::kServerRsaSign); + static const SSLSignatureScheme kScheme[] = {ssl_sig_ecdsa_secp256r1_sha256}; + server_->SetSignatureSchemes(kScheme, PR_ARRAY_SIZE(kScheme)); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); +@@ -1882,6 +1884,9 @@ TEST_P(TlsConnectTls13, Tls13DsaOnlyClie + client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + } + ++#ifndef NSS_DISABLE_DSA ++// can't test a dsa only server becasue we can't generate a server ++// DSA certificate + TEST_P(TlsConnectTls13, Tls13DsaOnlyServer) { + Reset(TlsAgent::kServerDsa); + static const SSLSignatureScheme kDsa[] = {ssl_sig_dsa_sha256}; +@@ -1890,6 +1895,7 @@ TEST_P(TlsConnectTls13, Tls13DsaOnlyServ + server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); + } ++#endif + + TEST_P(TlsConnectTls13, Tls13Pkcs1OnlyClient) { + static const SSLSignatureScheme kPkcs1[] = {ssl_sig_rsa_pkcs1_sha256}; +diff -up ./gtests/ssl_gtest/ssl_ciphersuite_unittest.cc.disable_dsa ./gtests/ssl_gtest/ssl_ciphersuite_unittest.cc +--- ./gtests/ssl_gtest/ssl_ciphersuite_unittest.cc.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_ciphersuite_unittest.cc 2024-06-17 09:38:50.438019407 -0700 +@@ -383,8 +383,10 @@ INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V + kDummySignatureSchemesParams, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, ++#ifndef NSS_DISABLE_DSA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, ++#endif + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384); + INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12, kDummyNamedGroupParams, +@@ -395,16 +397,20 @@ INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12 + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, ++ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, +- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256); ++ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256); + INSTANTIATE_CIPHER_TEST_P( + CBC12, All, V12, kDummyNamedGroupParams, kDummySignatureSchemesParams, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, +- TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256); ++ TLS_RSA_WITH_AES_128_CBC_SHA256 ++#ifndef NSS_DISABLE_DSA ++ , TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, ++ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 ++#endif ++ ); + INSTANTIATE_CIPHER_TEST_P( + CBCStream, Stream, V10ToV12, kDummyNamedGroupParams, + kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_NULL_SHA, +@@ -431,8 +437,12 @@ INSTANTIATE_CIPHER_TEST_P( + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, +- TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256); ++ TLS_RSA_WITH_AES_128_CBC_SHA256 ++#ifndef NSS_DISABLE_DSA ++ , TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, ++ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 ++#endif ++ ); + #ifndef NSS_DISABLE_TLS_1_3 + INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13, + ::testing::ValuesIn(kFasterDHEGroups), +diff -up ./gtests/ssl_gtest/ssl_dhe_unittest.cc.disable_dsa ./gtests/ssl_gtest/ssl_dhe_unittest.cc +--- ./gtests/ssl_gtest/ssl_dhe_unittest.cc.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_dhe_unittest.cc 2024-06-17 09:45:33.575416837 -0700 +@@ -622,6 +622,7 @@ class TlsDheSkeChangeSignature : public + size_t len_; + }; + ++#ifndef NSS_DISABLE_DSA + TEST_P(TlsConnectGenericPre13, InvalidDERSignatureFfdhe) { + const uint8_t kBogusDheSignature[] = { + 0x30, 0x69, 0x3c, 0x02, 0x1c, 0x7d, 0x0b, 0x2f, 0x64, 0x00, 0x27, +@@ -642,6 +643,7 @@ TEST_P(TlsConnectGenericPre13, InvalidDE + ConnectExpectAlert(client_, kTlsAlertDecryptError); + client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + } ++#endif + + TEST_P(TlsConnectTls12, ConnectInconsistentSigAlgDHE) { + EnableOnlyDheCiphers(); +diff -up ./gtests/ssl_gtest/ssl_extension_unittest.cc.disable_dsa ./gtests/ssl_gtest/ssl_extension_unittest.cc +--- ./gtests/ssl_gtest/ssl_extension_unittest.cc.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_extension_unittest.cc 2024-06-17 09:38:50.438019407 -0700 +@@ -651,7 +651,10 @@ TEST_P(TlsExtensionTest12, SignatureAlgo + } + } + ++#ifndef NSS_DISABLE_DSA + // This only works on TLS 1.2, since it relies on DSA. ++// and doesn't work if we've disabled DSA (Reset(TlsAgent:kServerDSA) fail ++// because we don't have a DSA certificate) + TEST_P(TlsExtensionTest12, SignatureAlgorithmDisableDSA) { + const std::vector schemes = { + ssl_sig_dsa_sha1, ssl_sig_dsa_sha256, ssl_sig_dsa_sha384, +@@ -700,6 +703,7 @@ TEST_P(TlsExtensionTest12, SignatureAlgo + EXPECT_TRUE(ext2.Read(2, 2, &v)); + EXPECT_EQ(ssl_sig_rsa_pss_rsae_sha256, v); + } ++#endif + + // Temporary test to verify that we choke on an empty ClientKeyShare. + // This test will fail when we implement HelloRetryRequest. +diff -up ./lib/softoken/pkcs11c.c.disable_dsa ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.disable_dsa 2024-06-17 09:38:50.434019363 -0700 ++++ ./lib/softoken/pkcs11c.c 2024-06-17 09:38:50.439019418 -0700 +@@ -2665,6 +2665,7 @@ sftk_RSASignPSS(SFTKPSSSignInfo *info, u + return rv; + } + ++#ifndef NSS_DISABLE_DSA + static SECStatus + nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, + void *dataBuf, unsigned int dataLen) +@@ -2690,6 +2691,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu + *sigLen = signature.len; + return rv; + } ++#endif + + static SECStatus + nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, +@@ -2905,6 +2907,7 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, + context->maxLen = nsslowkey_PrivateModulusLen(pinfo->key); + break; + ++#ifndef NSS_DISABLE_DSA + #define INIT_DSA_SIG_MECH(mmm) \ + case CKM_DSA_##mmm: \ + context->multi = PR_TRUE; \ +@@ -2933,6 +2936,7 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, + context->maxLen = DSA_MAX_SIGNATURE_LEN; + + break; ++#endif + + #define INIT_ECDSA_SIG_MECH(mmm) \ + case CKM_ECDSA_##mmm: \ +@@ -3717,6 +3721,7 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio + context->verify = (SFTKVerify)sftk_RSACheckSignPSS; + break; + ++#ifndef NSS_DISABLE_DSA + INIT_DSA_SIG_MECH(SHA1) + INIT_DSA_SIG_MECH(SHA224) + INIT_DSA_SIG_MECH(SHA256) +@@ -3736,6 +3741,7 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio + context->verify = (SFTKVerify)nsc_DSA_Verify_Stub; + context->destroy = sftk_Null; + break; ++#endif + + INIT_ECDSA_SIG_MECH(SHA1) + INIT_ECDSA_SIG_MECH(SHA224) +@@ -4753,12 +4759,16 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + key_gen_type = nsc_pbe; + crv = nsc_SetupPBEKeyGen(pMechanism, &pbe_param, &key_type, &key_length); + break; ++/*#ifndef NSS_DISABLE_DSA */ ++/* some applications use CKM_DSA_PARAMTER_GEN for week DH keys... ++ * most notably tests... continue to allow it for now */ + case CKM_DSA_PARAMETER_GEN: + key_gen_type = nsc_param; + key_type = CKK_DSA; + objclass = CKO_DOMAIN_PARAMETERS; + crv = CKR_OK; + break; ++/* #endif */ + case CKM_NSS_JPAKE_ROUND1_SHA1: + hashType = HASH_AlgSHA1; + goto jpake1; +@@ -5121,11 +5131,13 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + signature_length = modulusLen; + mech.mechanism = CKM_RSA_PKCS; + break; ++#ifndef NSS_DISABLE_DSA + case CKK_DSA: + signature_length = DSA_MAX_SIGNATURE_LEN; + pairwise_digest_length = subPrimeLen; + mech.mechanism = CKM_DSA; + break; ++#endif + case CKK_EC: + signature_length = MAX_ECKEY_LEN * 2; + mech.mechanism = CKM_ECDSA; +@@ -5373,10 +5385,12 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + SECItem pubExp; + RSAPrivateKey *rsaPriv; + ++ DHParams dhParam; ++#ifndef NSS_DISABLE_DSA + /* DSA */ + PQGParams pqgParam; +- DHParams dhParam; + DSAPrivateKey *dsaPriv; ++#endif + + /* Diffie Hellman */ + DHPrivateKey *dhPriv; +@@ -5552,6 +5566,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + /* Should zeroize the contents first, since this func doesn't. */ + PORT_FreeArena(rsaPriv->arena, PR_TRUE); + break; ++#ifndef NSS_DISABLE_DSA + case CKM_DSA_KEY_PAIR_GEN: + sftk_DeleteAttributeType(publicKey, CKA_VALUE); + sftk_DeleteAttributeType(privateKey, CKA_NSS_DB); +@@ -5663,6 +5678,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + /* should zeroize, since this function doesn't. */ + PORT_FreeArena(dsaPriv->params.arena, PR_TRUE); + break; ++#endif + + case CKM_DH_PKCS_KEY_PAIR_GEN: + sftk_DeleteAttributeType(privateKey, CKA_PRIME); +diff -up ./lib/softoken/pkcs11.c.disable_dsa ./lib/softoken/pkcs11.c +--- ./lib/softoken/pkcs11.c.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/softoken/pkcs11.c 2024-06-17 09:38:50.439019418 -0700 +@@ -359,6 +359,7 @@ static const struct mechanismList mechan + { CKM_SHA384_RSA_PKCS_PSS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE }, + { CKM_SHA512_RSA_PKCS_PSS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE }, + /* ------------------------- DSA Operations --------------------------- */ ++#ifndef NSS_DISABLE_DSA + { CKM_DSA_KEY_PAIR_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE }, + { CKM_DSA, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, + { CKM_DSA_PARAMETER_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE }, PR_TRUE }, +@@ -367,6 +368,7 @@ static const struct mechanismList mechan + { CKM_DSA_SHA256, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, + { CKM_DSA_SHA384, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, + { CKM_DSA_SHA512, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, ++#endif + /* -------------------- Diffie Hellman Operations --------------------- */ + /* no diffie hellman yet */ + { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE }, +diff -up ./tests/cert/cert.sh.disable_dsa ./tests/cert/cert.sh +--- ./tests/cert/cert.sh.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/cert/cert.sh 2024-06-17 09:38:50.440019429 -0700 +@@ -288,12 +288,14 @@ cert_create_cert() + return $RET + fi + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Import DSA Root CA for $CERTNAME" + certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \ + -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi ++ fi + + + CU_ACTION="Import EC Root CA for $CERTNAME" +@@ -342,6 +344,7 @@ cert_add_cert() + # + # Generate and add DSA cert + # ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Generate DSA Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ +@@ -392,6 +395,7 @@ cert_add_cert() + return $RET + fi + cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created" ++ fi + + # + # Generate and add EC cert +@@ -504,6 +508,7 @@ cert_all_CA() + # in the chain + + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + # + # Create DSA version of TestCA + ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" +@@ -527,6 +532,7 @@ cert_all_CA() + rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert + # dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last + # in the chain ++ fi + + # + # Create RSA-PSS version of TestCA +@@ -988,6 +994,7 @@ cert_extended_ssl() + certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ + -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1 + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + # + # Repeat the above for DSA certs + # +@@ -1031,6 +1038,7 @@ cert_extended_ssl() + # certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \ + # -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \ + # 2>&1 ++ fi + + # + # Repeat the above for EC certs +@@ -1084,18 +1092,18 @@ cert_extended_ssl() + # we'll use one of the longer nicknames for testing. + # (Because "grep -w hostname" matches "grep -w hostname-dsamixed") + MYDBPASS="-d ${PROFILEDIR} -f ${R_PWFILE}" +- TESTNAME="Ensure there's exactly one match for ${CERTNAME}-dsamixed" +- cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-dsamixed" 0 1 "${TESTNAME}" ++ TESTNAME="Ensure there's exactly one match for ${CERTNAME}-ecmixed" ++ cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-ecmixed" 0 1 "${TESTNAME}" + +- CU_ACTION="Repeated import of $CERTNAME's mixed DSA Cert with different nickname" +- certu -A -n "${CERTNAME}-repeated-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ +- -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 ++ CU_ACTION="Repeated import of $CERTNAME's mixed EC Cert with different nickname" ++ certu -A -n "${CERTNAME}-repeated-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \ ++ -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1 + +- TESTNAME="Ensure there's still exactly one match for ${CERTNAME}-dsamixed" +- cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-dsamixed" 0 1 "${TESTNAME}" ++ TESTNAME="Ensure there's still exactly one match for ${CERTNAME}-ecmixed" ++ cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-ecmixed" 0 1 "${TESTNAME}" + +- TESTNAME="Ensure there's zero matches for ${CERTNAME}-repeated-dsamixed" +- cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-repeated-dsamixed" 0 0 "${TESTNAME}" ++ TESTNAME="Ensure there's zero matches for ${CERTNAME}-repeated-ecmixed" ++ cert_check_nickname_exists "$MYDBPASS" "${CERTNAME}-repeated-ecmixed" 0 0 "${TESTNAME}" + + echo "Importing all the server's own CA chain into the servers DB" + for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ; +@@ -1140,6 +1148,7 @@ cert_extended_ssl() + # + # Repeat the above for DSA certs + # ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ +@@ -1183,6 +1192,7 @@ cert_extended_ssl() + # + # done with mixed DSA certs + # ++ fi + + # + # Repeat the above for EC certs +@@ -1273,8 +1283,10 @@ cert_ssl() + CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" + certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC" + certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" ++ fi + + CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" + certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" +@@ -1383,9 +1395,14 @@ MODSCRIPT + certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}" + RETEXPECTED=0 + ++ if [ -z "$NSS_DISABLE_DSA" ]; then ++ FIPS_KEY="-k dsa" ++ else ++ FIPS_KEY="-k ec -q nistp256" ++ fi + CU_ACTION="Generate Certificate for ${CERTNAME}" + CU_SUBJECT="CN=${CERTNAME}, E=fips@example.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" +- certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1 ++ certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" ${FIPS_KEY} -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1 + if [ "$RET" -eq 0 ]; then + cert_log "SUCCESS: FIPS passed" + fi +@@ -1817,6 +1834,7 @@ EOF_CRLINI + chmod 600 ${CRL_FILE_GRP_1}_or + + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority" + + # Until Bug 292285 is resolved, do not encode x400 Addresses. After +@@ -1831,6 +1849,7 @@ addext issuerAltNames 0 "rfc822Name:ca-d + EOF_CRLINI + CRL_GEN_RES=`expr $? + $CRL_GEN_RES` + chmod 600 ${CRL_FILE_GRP_1}_or-dsa ++ fi + + + +@@ -1867,6 +1886,7 @@ EOF_CRLINI + TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or" + + ++ if [ -z "$NSS_DISABLE_DSA" ]; then + CU_ACTION="Modify CRL (DSA) by adding one more cert" + crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1-dsa \ + -i ${CRL_FILE_GRP_1}_or-dsa <
" >> ${PERFRESULTS} + fi + ++if [ -z "${NSS_DISABLE_DSA}" ]; then + if [ $TESTSET = "all" -o $TESTSET = "dsa" ]; then + + while read mode keysize bufsize reps cxreps +@@ -124,6 +125,7 @@ done < ${DSAPERFOUT} + + echo "
" >> ${PERFRESULTS} + fi ++fi + + if [ $TESTSET = "all" -o $TESTSET = "hash" ]; then + while read mode bufsize reps +diff -up ./tests/dbtests/dbtests.sh.disable_dsa ./tests/dbtests/dbtests.sh +--- ./tests/dbtests/dbtests.sh.disable_dsa 2024-06-17 09:38:50.412019123 -0700 ++++ ./tests/dbtests/dbtests.sh 2024-06-17 09:38:50.440019429 -0700 +@@ -257,7 +257,13 @@ dbtest_main() + fi + # import a token private key and make sure the corresponding public key is + # created +- ${BINDIR}/pk11importtest -d ${CONFLICT_DIR} -f ${R_PWFILE} ++ IMPORT_OPTIONS="" ++ if [ -n "$NSS_DISABLE_DSA" ]; then ++ IMPORT_OPTIONS="-D noDSA" ++ fi ++ Echo "Importing Token Private Key" ++ echo "pk11importtest ${IMPORT_OPTIONS} -d ${CONFLICT_DIR} -f ${R_PWFILE}" ++ ${BINDIR}/pk11importtest ${IMPORT_OPTIONS} -d ${CONFLICT_DIR} -f ${R_PWFILE} + ret=$? + if [ $ret -ne 0 ]; then + html_failed "Importing Token Private Key does not create the corrresponding Public Key" +diff -up ./tests/ssl_gtests/ssl_gtests.sh.disable_dsa ./tests/ssl_gtests/ssl_gtests.sh +--- ./tests/ssl_gtests/ssl_gtests.sh.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/ssl_gtests/ssl_gtests.sh 2024-06-17 09:38:50.440019429 -0700 +@@ -56,7 +56,9 @@ ssl_gtest_certs() { + make_cert rsa_pss_chain rsapss_chain sign + make_cert rsa_ca_rsa_pss_chain rsa_ca_rsapss_chain sign + make_cert ecdh_rsa ecdh_rsa kex +- make_cert dsa dsa sign ++ if [ -z "${NSS_DISABLE_DSA}" ]; then ++ make_cert dsa dsa sign ++ fi + make_cert delegator_ecdsa256 delegator_p256 sign + make_cert delegator_rsae2048 delegator_rsae2048 sign + make_cert delegator_rsa_pss2048 delegator_rsa_pss2048 sign +diff -up ./tests/ssl/sslcov.txt.disable_dsa ./tests/ssl/sslcov.txt +--- ./tests/ssl/sslcov.txt.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/ssl/sslcov.txt 2024-06-17 09:38:50.440019429 -0700 +@@ -16,7 +16,6 @@ + noECC SSL3 y SSL3_RSA_WITH_AES_256_CBC_SHA + noECC SSL3 z SSL3_RSA_WITH_NULL_SHA + noECC TLS12 :009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 +- noECC TLS12 :00A3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 + noECC TLS12 :009D TLS_RSA_WITH_AES_256_GCM_SHA384 + # noECC SSL3 :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + # noECC SSL3 :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA +@@ -51,20 +50,15 @@ + noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA + noECC TLS12 z TLS12_RSA_WITH_NULL_SHA + noECC TLS12 :0016 TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA +- noECC TLS12 :0032 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA + noECC TLS12 :0033 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA +- noECC TLS12 :0038 TLS12_DHE_DSS_WITH_AES_256_CBC_SHA + noECC TLS12 :0039 TLS12_DHE_RSA_WITH_AES_256_CBC_SHA + noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256 + noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256 + noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256 +- noECC TLS12 :0040 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256 + noECC TLS12 :0067 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256 +- noECC TLS12 :006A TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256 + noECC TLS12 :006B TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256 + noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256 + noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256 +- noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256 + noECC TLS12 :CCAA TLS12_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + noECC TLS13 :1301 TLS13_DHE_WITH_AES_128_GCM_SHA256 + noECC TLS13 :1302 TLS13_DHE_WITH_AES_256_GCM_SHA384 +diff -up ./tests/ssl/ssl.sh.disable_dsa ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/ssl/ssl.sh 2024-06-17 09:38:50.440019429 -0700 +@@ -251,20 +251,26 @@ start_selfserv() + else + RSA_OPTIONS="-n ${HOSTADDR}-rsa-pss" + fi ++ if [ -z "$NSS_DISABLE_DSA" ]; then ++ DSA_OPTIONS="-S ${HOSTADDR}-dsa" ++ else ++ DSA_OPTIONS="" ++ fi ++ + SERVER_VMIN=${SERVER_VMIN-ssl3} + SERVER_VMAX=${SERVER_VMAX-tls1.2} + echo "selfserv starting at `date`" + echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \\" +- echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID}\\" ++ echo " ${ECC_OPTIONS} ${DSA_OPTIONS} -w nss "$@" -i ${R_SERVERPID}\\" + echo " -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 &" + if [ ${fileout} -eq 1 ]; then + ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \ +- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 \ ++ ${ECC_OPTIONS} ${DSA_OPTIONS} -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 \ + > ${SERVEROUTFILE} 2>&1 & + RET=$? + else + ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \ +- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 & ++ ${ECC_OPTIONS} ${DSA_OPTIONS} -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 & + RET=$? + fi + +diff -up ./tests/ssl/sslstress.txt.disable_dsa ./tests/ssl/sslstress.txt +--- ./tests/ssl/sslstress.txt.disable_dsa 2024-06-07 09:26:03.000000000 -0700 ++++ ./tests/ssl/sslstress.txt 2024-06-17 09:38:50.440019429 -0700 +@@ -55,15 +55,6 @@ + + + noECC 0 -c_:0039 -V_ssl3:tls1.2_-c_100_-C_:0039_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse) +- noECC 0 -c_:0040 -V_ssl3:tls1.2_-c_100_-C_:0040_-N Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse) +- +-# noECC 0 -c_:0038_-u -V_ssl3:tls1.2_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket) +-# use the above session ticket test, once session tickets with DHE_DSS are working +- noECC 0 -c_:0038 -V_ssl3:tls1.2_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse) +- +-# noECC 0 -c_:006A -V_ssl3:tls1.2_-c_1000_-C_:006A Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 +-# use the above reuse test, once the session cache with DHE_DSS is working +- noECC 0 -c_:006A -V_ssl3:tls1.2_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse + + noECC 0 -c_:006B -V_ssl3:tls1.2_-c_100_-C_:006B_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse) + noECC 0 -c_:009E -V_ssl3:tls1.2_-c_100_-C_:009E_-N Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse) +@@ -71,11 +62,3 @@ + # + # add client auth versions here... + # +- noECC 0 -r_-r_-c_:0032 -V_ssl3:tls1.2_-c_100_-C_:0032_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth) +- noECC 0 -r_-r_-c_:0067 -V_ssl3:tls1.2_-c_1000_-C_:0067_-n_TestUser-dsamixed Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth) +- +-# noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:tls1.2_-c_1000_-C_:00A2_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth) +-# noECC 0 -r_-r_-c_:00A3_-u -V_ssl3:tls1.2_-c_1000_-C_:00A3_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_256_GCM_SHA384 (session ticket, client auth) +-# use the above session ticket test, once session tickets with DHE_DSS are working +- noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:tls1.2_-c_1000_-C_:00A2_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth) +- noECC 0 -r_-r_-c_:00A3_-u -V_ssl3:tls1.2_-c_1000_-C_:00A3_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_256_GCM_SHA384 (no reuse, client auth) diff --git a/SOURCES/nss-3.101-enable-kyber-policy.patch b/SOURCES/nss-3.101-enable-kyber-policy.patch new file mode 100644 index 0000000..374e4e6 --- /dev/null +++ b/SOURCES/nss-3.101-enable-kyber-policy.patch @@ -0,0 +1,13 @@ +diff -up ./lib/pk11wrap/pk11pars.c.enable_kyber_policy ./lib/pk11wrap/pk11pars.c +--- ./lib/pk11wrap/pk11pars.c.enable_kyber_policy 2024-06-12 14:44:24.680338868 -0700 ++++ ./lib/pk11wrap/pk11pars.c 2024-06-12 14:44:48.368609356 -0700 +@@ -245,7 +245,8 @@ static const oidValDef curveOptList[] = + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, + { CIPHER_NAME("CURVE25519"), SEC_OID_CURVE25519, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, +- { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00, 0 }, ++ { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00, ++ NSS_USE_ALG_IN_SSL_KX }, + /* ANSI X9.62 named elliptic curves (characteristic two field) */ + { CIPHER_NAME("C2PNB163V1"), SEC_OID_ANSIX962_EC_C2PNB163V1, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE }, diff --git a/SOURCES/nss-3.101-enable-sdb-tests.patch b/SOURCES/nss-3.101-enable-sdb-tests.patch new file mode 100644 index 0000000..6bf3484 --- /dev/null +++ b/SOURCES/nss-3.101-enable-sdb-tests.patch @@ -0,0 +1,63 @@ +diff -up ./tests/cert/cert.sh.no_dbm_tests ./tests/cert/cert.sh +--- ./tests/cert/cert.sh.no_dbm_tests 2024-06-20 17:08:03.146169243 -0700 ++++ ./tests/cert/cert.sh 2024-06-20 17:08:23.282404259 -0700 +@@ -2662,9 +2662,7 @@ cert_test_password + cert_test_distrust + cert_test_ocspresp + cert_test_rsapss +-if [ "${TEST_MODE}" = "SHARED_DB" ] ; then +- cert_test_rsapss_policy +-fi ++cert_test_rsapss_policy + cert_test_token_uri + + if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then +diff -up ./tests/smime/smime.sh.no_dbm_tests ./tests/smime/smime.sh +--- ./tests/smime/smime.sh.no_dbm_tests 2024-06-20 17:08:45.147659448 -0700 ++++ ./tests/smime/smime.sh 2024-06-20 17:09:05.313894814 -0700 +@@ -872,8 +872,6 @@ smime_init + smime_main + smime_data_tb + smime_p7 +-if [ "${TEST_MODE}" = "SHARED_DB" ] ; then +- smime_policy +-fi ++smime_policy + smime_cleanup + +diff -up ./tests/ssl/ssl.sh.no_dbm_tests ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.no_dbm_tests 2024-06-20 17:09:28.588166454 -0700 ++++ ./tests/ssl/ssl.sh 2024-06-20 17:09:54.351467232 -0700 +@@ -1600,12 +1600,10 @@ ssl_run_tests() + do + case "${SSL_TEST}" in + "policy") +- if [ "${TEST_MODE}" = "SHARED_DB" ] ; then +- ssl_policy_listsuites +- ssl_policy_selfserv +- ssl_policy_pkix_ocsp +- ssl_policy +- fi ++ ssl_policy_listsuites ++ ssl_policy_selfserv ++ ssl_policy_pkix_ocsp ++ ssl_policy + ;; + "crl") + ssl_crl_ssl +diff -up ./tests/tools/tools.sh.no_dbm_tests ./tests/tools/tools.sh +--- ./tests/tools/tools.sh.no_dbm_tests 2024-06-20 17:10:13.828694981 -0700 ++++ ./tests/tools/tools.sh 2024-06-20 17:10:31.051896368 -0700 +@@ -584,10 +584,8 @@ tools_p12() + tools_p12_export_with_invalid_ciphers + tools_p12_import_old_files + tools_p12_import_pbmac1_samples +- if [ "${TEST_MODE}" = "SHARED_DB" ] ; then +- tools_p12_import_rsa_pss_private_key +- tools_p12_policy +- fi ++ tools_p12_import_rsa_pss_private_key ++ tools_p12_policy + } + + ############################## tools_sign ############################## diff --git a/SOURCES/nss-3.101-extend-db-dump-time.patch b/SOURCES/nss-3.101-extend-db-dump-time.patch new file mode 100644 index 0000000..88a608b --- /dev/null +++ b/SOURCES/nss-3.101-extend-db-dump-time.patch @@ -0,0 +1,12 @@ +diff -up ./tests/dbtests/dbtests.sh.extend ./tests/dbtests/dbtests.sh +--- ./tests/dbtests/dbtests.sh.extend 2023-11-15 13:17:50.651020458 -0800 ++++ ./tests/dbtests/dbtests.sh 2023-11-15 13:18:57.091608850 -0800 +@@ -366,7 +366,7 @@ dbtest_main() + RARRAY=($dtime) + TIMEARRAY=(${RARRAY[1]//./ }) + echo "${TIMEARRAY[0]} seconds" +- test ${TIMEARRAY[0]} -lt 5 ++ test ${TIMEARRAY[0]} -lt ${NSS_DB_DUMP_TIME-5} + ret=$? + html_msg ${ret} 0 "certutil dump keys with explicit default trust flags" + fi diff --git a/SOURCES/nss-3.101-fips-indicators.patch b/SOURCES/nss-3.101-fips-indicators.patch new file mode 100644 index 0000000..604d054 --- /dev/null +++ b/SOURCES/nss-3.101-fips-indicators.patch @@ -0,0 +1,190 @@ +diff -up ./lib/softoken/pkcs11c.c.fips_indicators ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.fips_indicators 2024-06-12 13:38:15.995811284 -0700 ++++ ./lib/softoken/pkcs11c.c 2024-06-12 13:41:30.008188930 -0700 +@@ -453,7 +453,7 @@ sftk_InitGeneric(SFTKSession *session, C + context->blockSize = 0; + context->maxLen = 0; + context->isFIPS = sftk_operationIsFIPS(session->slot, pMechanism, +- operation, key); ++ operation, key, 0); + *contextPtr = context; + return CKR_OK; + } +@@ -4885,7 +4885,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + crv = sftk_handleObject(key, session); + /* we need to do this check at the end, so we can check the generated + * key length against fips requirements */ +- key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE, key); ++ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE, key, 0); + session->lastOpWasFIPS = key->isFIPS; + sftk_FreeSession(session); + if (crv == CKR_OK && sftk_isTrue(key, CKA_SENSITIVE)) { +@@ -6020,7 +6020,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + return crv; + } + /* we need to do this check at the end to make sure the generated key meets the key length requirements */ +- privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE_KEY_PAIR, privateKey); ++ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE_KEY_PAIR, privateKey, 0); + publicKey->isFIPS = privateKey->isFIPS; + session->lastOpWasFIPS = privateKey->isFIPS; + sftk_FreeSession(session); +@@ -7220,6 +7220,10 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + return CKR_TEMPLATE_INCONSISTENT; + } + ++ if (!params->bExpand) { ++ keySize = hashLen; ++ } ++ + /* sourceKey is NULL if we are called from the POST, skip the + * sensitiveCheck */ + if (sourceKey != NULL) { +@@ -7269,7 +7273,8 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + mech.pParameter = params; + mech.ulParameterLen = sizeof(*params); + key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech, +- CKA_DERIVE, saltKey); ++ CKA_DERIVE, saltKey, ++ keySize); + } + saltKeySource = saltKey->source; + saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE); +@@ -7336,7 +7341,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + /* HKDF-Expand */ + if (!params->bExpand) { + okm = prk; +- keySize = genLen = hashLen; ++ genLen = hashLen; + } else { + /* T(1) = HMAC-Hash(prk, "" | info | 0x01) + * T(n) = HMAC-Hash(prk, T(n-1) | info | n +@@ -7583,7 +7588,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + return CKR_KEY_HANDLE_INVALID; + } + } +- key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey); ++ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey, ++ keySize); + + switch (mechanism) { + /* get a public key from a private key. nsslowkey_ConvertToPublickey() +diff -up ./lib/softoken/pkcs11i.h.fips_indicators ./lib/softoken/pkcs11i.h +--- ./lib/softoken/pkcs11i.h.fips_indicators 2024-06-12 13:38:15.988811198 -0700 ++++ ./lib/softoken/pkcs11i.h 2024-06-12 13:38:15.996811296 -0700 +@@ -979,7 +979,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB + /* check the FIPS table to determine if this current operation is allowed by + * FIPS security policy */ + PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, +- CK_ATTRIBUTE_TYPE op, SFTKObject *source); ++ CK_ATTRIBUTE_TYPE op, SFTKObject *source, ++ CK_ULONG targetKeySize); + /* add validation objects to the slot */ + CK_RV sftk_CreateValidationObjects(SFTKSlot *slot); + +diff -up ./lib/softoken/pkcs11u.c.fips_indicators ./lib/softoken/pkcs11u.c +--- ./lib/softoken/pkcs11u.c.fips_indicators 2024-06-12 13:38:15.990811223 -0700 ++++ ./lib/softoken/pkcs11u.c 2024-06-12 13:38:15.996811296 -0700 +@@ -2336,7 +2336,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou + static CK_ULONG + sftk_getKeyLength(SFTKObject *source) + { +- CK_KEY_TYPE keyType = CK_INVALID_HANDLE; ++ CK_KEY_TYPE keyType = CKK_INVALID_KEY_TYPE; + CK_ATTRIBUTE_TYPE keyAttribute; + CK_ULONG keyLength = 0; + SFTKAttribute *attribute; +@@ -2398,13 +2398,29 @@ sftk_getKeyLength(SFTKObject *source) + return keyLength; + } + ++PRBool ++sftk_CheckFIPSHash(CK_MECHANISM_TYPE hash) ++{ ++ switch (hash) { ++ case CKM_SHA256: ++ case CKG_MGF1_SHA256: ++ case CKM_SHA384: ++ case CKG_MGF1_SHA384: ++ case CKM_SHA512: ++ case CKG_MGF1_SHA512: ++ return PR_TRUE; ++ } ++ return PR_FALSE; ++} ++ + /* + * handle specialized FIPS semantics that are too complicated to + * handle with just a table. NOTE: this means any additional semantics + * would have to be coded here before they can be added to the table */ + static PRBool + sftk_handleSpecial(SFTKSlot *slot, CK_MECHANISM *mech, +- SFTKFIPSAlgorithmList *mechInfo, SFTKObject *source) ++ SFTKFIPSAlgorithmList *mechInfo, SFTKObject *source, ++ CK_ULONG keyLength, CK_ULONG targetKeyLength) + { + switch (mechInfo->special) { + case SFTKFIPSDH: { +@@ -2464,10 +2480,15 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + if (hashObj == NULL) { + return PR_FALSE; + } ++ /* cap the salt for legacy keys */ ++ if ((keyLength <= 1024) && (pss->sLen > 63)) { ++ return PR_FALSE; ++ } ++ /* cap the salt for based on the hash */ + if (pss->sLen > hashObj->length) { + return PR_FALSE; + } +- return PR_TRUE; ++ return sftk_CheckFIPSHash(pss->hashAlg); + } + case SFTKFIPSPBKDF2: { + /* PBKDF2 must have the following addition restrictions +@@ -2492,6 +2513,13 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + } + return PR_TRUE; + } ++ /* check the hash mechanisms to make sure they themselves are FIPS */ ++ case SFTKFIPSChkHash: ++ if (mech->ulParameterLen < mechInfo->offset +sizeof(CK_ULONG)) { ++ return PR_FALSE; ++ } ++ return sftk_CheckFIPSHash(*(CK_ULONG *)(((char *)mech->pParameter) ++ + mechInfo->offset)); + default: + break; + } +@@ -2502,7 +2530,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + + PRBool + sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, CK_ATTRIBUTE_TYPE op, +- SFTKObject *source) ++ SFTKObject *source, CK_ULONG targetKeyLength) + { + #ifndef NSS_HAS_FIPS_INDICATORS + return PR_FALSE; +@@ -2534,13 +2562,17 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_ + SFTKFIPSAlgorithmList *mechs = &sftk_fips_mechs[i]; + /* if we match the number of records exactly, then we are an + * approved algorithm in the approved mode with an approved key */ +- if (((mech->mechanism == mechs->type) && +- (opFlags == (mechs->info.flags & opFlags)) && +- (keyLength <= mechs->info.ulMaxKeySize) && +- (keyLength >= mechs->info.ulMinKeySize) && +- ((keyLength - mechs->info.ulMinKeySize) % mechs->step) == 0) && ++ if ((mech->mechanism == mechs->type) && ++ (opFlags == (mechs->info.flags & opFlags)) && ++ (keyLength <= mechs->info.ulMaxKeySize) && ++ (keyLength >= mechs->info.ulMinKeySize) && ++ (((keyLength - mechs->info.ulMinKeySize) % mechs->step) == 0) && ++ ((targetKeyLength == 0) || ++ ((targetKeyLength <= mechs->info.ulMaxKeySize) && ++ (targetKeyLength >= mechs->info.ulMinKeySize) && ++ ((targetKeyLength - mechs->info.ulMinKeySize) % mechs->step) == 0)) && + ((mechs->special == SFTKFIPSNone) || +- sftk_handleSpecial(slot, mech, mechs, source))) { ++ sftk_handleSpecial(slot, mech, mechs, source, keyLength, targetKeyLength))) { + return PR_TRUE; + } + } diff --git a/SOURCES/nss-3.101-fips-review.patches b/SOURCES/nss-3.101-fips-review.patches new file mode 100644 index 0000000..755b087 --- /dev/null +++ b/SOURCES/nss-3.101-fips-review.patches @@ -0,0 +1,490 @@ +diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c +--- ./lib/freebl/dh.c.fips-review 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/freebl/dh.c 2024-06-12 12:04:10.639360404 -0700 +@@ -445,7 +445,7 @@ cleanup: + PRBool + KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) + { +- mp_int p, q, y, r; ++ mp_int p, q, y, r, psub1; + mp_err err; + int cmp = 1; /* default is false */ + if (!Y || !prime || !subPrime) { +@@ -456,13 +456,30 @@ KEA_Verify(SECItem *Y, SECItem *prime, S + MP_DIGITS(&q) = 0; + MP_DIGITS(&y) = 0; + MP_DIGITS(&r) = 0; ++ MP_DIGITS(&psub1) = 0; + CHECK_MPI_OK(mp_init(&p)); + CHECK_MPI_OK(mp_init(&q)); + CHECK_MPI_OK(mp_init(&y)); + CHECK_MPI_OK(mp_init(&r)); ++ CHECK_MPI_OK(mp_init(&psub1)); + SECITEM_TO_MPINT(*prime, &p); + SECITEM_TO_MPINT(*subPrime, &q); + SECITEM_TO_MPINT(*Y, &y); ++ CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1)); ++ /* ++ * We check that the public value isn't zero (which isn't in the ++ * group), one (subgroup of order one) or p-1 (subgroup of order 2). We ++ * also check that the public value is less than p, to avoid being fooled ++ * by values like p+1 or 2*p-1. ++ * This check is required by SP-800-56Ar3. It's also done in derive, ++ * but this is only called in various FIPS cases, so put it here to help ++ * reviewers find it. ++ */ ++ if (mp_cmp_d(&y, 1) <= 0 || ++ mp_cmp(&y, &psub1) >= 0) { ++ err = MP_BADARG; ++ goto cleanup; ++ } + /* compute r = y**q mod p */ + CHECK_MPI_OK(mp_exptmod(&y, &q, &p, &r)); + /* compare to 1 */ +@@ -472,6 +489,7 @@ cleanup: + mp_clear(&q); + mp_clear(&y); + mp_clear(&r); ++ mp_clear(&psub1); + if (err) { + MP_TO_SEC_ERROR(err); + return PR_FALSE; +diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.fips-review 2024-06-12 12:04:10.638360392 -0700 ++++ ./lib/softoken/pkcs11c.c 2024-06-12 13:06:35.410551333 -0700 +@@ -43,6 +43,7 @@ + + #include "prprf.h" + #include "prenv.h" ++#include "prerror.h" + + #define __PASTE(x, y) x##y + #define BAD_PARAM_CAST(pMech, typeSize) (!pMech->pParameter || pMech->ulParameterLen < typeSize) +@@ -4882,6 +4883,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + * handle the base object stuff + */ + crv = sftk_handleObject(key, session); ++ /* we need to do this check at the end, so we can check the generated ++ * key length against fips requirements */ ++ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE, key); ++ session->lastOpWasFIPS = key->isFIPS; + sftk_FreeSession(session); + if (crv == CKR_OK && sftk_isTrue(key, CKA_SENSITIVE)) { + crv = sftk_forceAttribute(key, CKA_ALWAYS_SENSITIVE, &cktrue, sizeof(CK_BBOOL)); +@@ -4889,9 +4894,6 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + if (crv == CKR_OK && !sftk_isTrue(key, CKA_EXTRACTABLE)) { + crv = sftk_forceAttribute(key, CKA_NEVER_EXTRACTABLE, &cktrue, sizeof(CK_BBOOL)); + } +- /* we need to do this check at the end, so we can check the generated key length against +- * fips requirements */ +- key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE, key); + if (crv == CKR_OK) { + *phKey = key->handle; + } +@@ -5199,60 +5201,68 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + + if (isDerivable) { + SFTKAttribute *pubAttribute = NULL; +- CK_OBJECT_HANDLE newKey; + PRBool isFIPS = sftk_isFIPS(slot->slotID); +- CK_RV crv2; +- CK_OBJECT_CLASS secret = CKO_SECRET_KEY; +- CK_KEY_TYPE generic = CKK_GENERIC_SECRET; +- CK_ULONG keyLen = 128; +- CK_BBOOL ckTrue = CK_TRUE; +- CK_ATTRIBUTE template[] = { +- { CKA_CLASS, &secret, sizeof(secret) }, +- { CKA_KEY_TYPE, &generic, sizeof(generic) }, +- { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, +- { CKA_DERIVE, &ckTrue, sizeof(ckTrue) } +- }; +- CK_ULONG templateCount = PR_ARRAY_SIZE(template); +- CK_ECDH1_DERIVE_PARAMS ecParams; ++ NSSLOWKEYPrivateKey *lowPrivKey = NULL; ++ ECPrivateKey *ecPriv; ++ SECItem *lowPubValue = NULL; ++ SECItem item; ++ SECStatus rv; + + crv = CKR_OK; /*paranoia, already get's set before we drop to the end */ +- /* FIPS 140-2 requires we verify that the resulting key is a valid key. +- * The easiest way to do this is to do a derive operation, which checks +- * the validity of the key */ +- ++ /* FIPS 140-3 requires we verify that the resulting key is a valid key ++ * by recalculating the public can an compare it to our own public ++ * key. */ ++ lowPrivKey = sftk_GetPrivKey(privateKey, keyType, &crv); ++ if (lowPrivKey == NULL) { ++ return sftk_MapCryptError(PORT_GetError()); ++ } ++ /* recalculate the public key from the private key */ + switch (keyType) { +- case CKK_DH: +- mech.mechanism = CKM_DH_PKCS_DERIVE; +- pubAttribute = sftk_FindAttribute(publicKey, CKA_VALUE); +- if (pubAttribute == NULL) { +- return CKR_DEVICE_ERROR; +- } +- mech.pParameter = pubAttribute->attrib.pValue; +- mech.ulParameterLen = pubAttribute->attrib.ulValueLen; +- break; +- case CKK_EC: +- mech.mechanism = CKM_ECDH1_DERIVE; +- pubAttribute = sftk_FindAttribute(publicKey, CKA_EC_POINT); +- if (pubAttribute == NULL) { +- return CKR_DEVICE_ERROR; +- } +- ecParams.kdf = CKD_NULL; +- ecParams.ulSharedDataLen = 0; +- ecParams.pSharedData = NULL; +- ecParams.ulPublicDataLen = pubAttribute->attrib.ulValueLen; +- ecParams.pPublicData = pubAttribute->attrib.pValue; +- mech.pParameter = &ecParams; +- mech.ulParameterLen = sizeof(ecParams); +- break; +- default: +- return CKR_DEVICE_ERROR; ++ case CKK_DH: ++ rv = DH_Derive(&lowPrivKey->u.dh.base, &lowPrivKey->u.dh.prime, ++ &lowPrivKey->u.dh.privateValue, &item, 0); ++ if (rv != SECSuccess) { ++ return CKR_GENERAL_ERROR; ++ } ++ lowPubValue = SECITEM_DupItem(&item); ++ SECITEM_ZfreeItem(&item, PR_FALSE); ++ pubAttribute = sftk_FindAttribute(publicKey, CKA_VALUE); ++ break; ++ case CKK_EC: ++ rv = EC_NewKeyFromSeed(&lowPrivKey->u.ec.ecParams, &ecPriv, ++ lowPrivKey->u.ec.privateValue.data, ++ lowPrivKey->u.ec.privateValue.len); ++ if (rv != SECSuccess) { ++ return CKR_GENERAL_ERROR; ++ } ++ /* make sure it has the same encoding */ ++ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT") || ++ lowPrivKey->u.ec.ecParams.type != ec_params_named) { ++ lowPubValue = SECITEM_DupItem(&ecPriv->publicValue); ++ } else { ++ lowPubValue = SEC_ASN1EncodeItem(NULL, NULL, &ecPriv->publicValue, ++ SEC_ASN1_GET(SEC_OctetStringTemplate));; ++ } ++ pubAttribute = sftk_FindAttribute(publicKey, CKA_EC_POINT); ++ /* clear out our generated private key */ ++ PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); ++ break; ++ default: ++ return CKR_DEVICE_ERROR; + } + +- crv = NSC_DeriveKey(hSession, &mech, privateKey->handle, template, templateCount, &newKey); +- if (crv != CKR_OK) { +- sftk_FreeAttribute(pubAttribute); +- return crv; ++ /* now compare new public key with our already generated key */ ++ if ((pubAttribute == NULL) || (lowPubValue == NULL) || ++ (pubAttribute->attrib.ulValueLen != lowPubValue->len) || ++ (PORT_Memcmp(pubAttribute->attrib.pValue, lowPubValue->data, ++ lowPubValue->len) != 0)) { ++ if (pubAttribute) sftk_FreeAttribute(pubAttribute); ++ if (lowPubValue) SECITEM_ZfreeItem(lowPubValue, PR_TRUE); ++ PORT_SetError(SEC_ERROR_BAD_KEY); ++ return CKR_GENERAL_ERROR; + } ++ SECITEM_ZfreeItem(lowPubValue, PR_TRUE); ++ + /* FIPS requires full validation, but in fipx mode NSC_Derive + * only does partial validation with approved primes, now handle + * full validation */ +@@ -5260,44 +5270,78 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + SECItem pubKey; + SECItem prime; + SECItem subPrime; ++ SECItem base; ++ SECItem generator; + const SECItem *subPrimePtr = &subPrime; + + pubKey.data = pubAttribute->attrib.pValue; + pubKey.len = pubAttribute->attrib.ulValueLen; +- prime.data = subPrime.data = NULL; +- prime.len = subPrime.len = 0; ++ base.data = prime.data = subPrime.data = NULL; ++ base.len = prime.len = subPrime.len = 0; + crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); + if (crv != CKR_OK) { + goto done; + } +- crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); ++ crv = sftk_Attribute2SecItem(NULL, &base, privateKey, CKA_BASE); ++ if (crv != CKR_OK) { ++ goto done; ++ } + /* we ignore the return code an only look at the length */ +- if (subPrime.len == 0) { +- /* subprime not supplied, In this case look it up. +- * This only works with approved primes, but in FIPS mode +- * that's the only kine of prime that will get here */ +- subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS); +- if (subPrimePtr == NULL) { +- crv = CKR_GENERAL_ERROR; ++ /* do we have a known prime ? */ ++ subPrimePtr = sftk_VerifyDH_Prime(&prime, &generator, isFIPS); ++ if (subPrimePtr == NULL) { ++ if (subPrime.len == 0) { ++ /* if not a known prime, subprime must be supplied */ ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto done; ++ } else { ++ /* not a known prime, check for primality of prime ++ * and subPrime */ ++ if (!KEA_PrimeCheck(&prime)) { ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto done; ++ } ++ if (!KEA_PrimeCheck(&subPrime)) { ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto done; ++ } ++ /* if we aren't using a defined group, make sure base is in the ++ * subgroup. If it's not, then our key could fail or succeed sometimes. ++ * This makes the failure reliable */ ++ if (!KEA_Verify(&base, &prime, (SECItem *)subPrimePtr)) { ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; ++ } ++ } ++ subPrimePtr = &subPrime; ++ } else { ++ /* we're using a known group, make sure we are using the known generator for that group */ ++ if (SECITEM_CompareItem(&generator, &base) != 0) { ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + goto done; + } ++ if (subPrime.len != 0) { ++ /* we have a known prime and a supplied subPrime, ++ * make sure the subPrime matches the subPrime for ++ * the known Prime */ ++ if (SECITEM_CompareItem(subPrimePtr, &subPrime) != 0) { ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto done; ++ } ++ } + } + if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) { +- crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + } + done: ++ SECITEM_ZfreeItem(&base, PR_FALSE); + SECITEM_ZfreeItem(&subPrime, PR_FALSE); + SECITEM_ZfreeItem(&prime, PR_FALSE); + } + /* clean up before we return */ + sftk_FreeAttribute(pubAttribute); +- crv2 = NSC_DestroyObject(hSession, newKey); + if (crv != CKR_OK) { + return crv; + } +- if (crv2 != CKR_OK) { +- return crv2; +- } + } + + return CKR_OK; +@@ -5925,8 +5969,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + * created and linked. + */ + crv = sftk_handleObject(publicKey, session); +- sftk_FreeSession(session); + if (crv != CKR_OK) { ++ sftk_FreeSession(session); + sftk_FreeObject(publicKey); + NSC_DestroyObject(hSession, privateKey->handle); + sftk_FreeObject(privateKey); +@@ -5968,6 +6012,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + } + + if (crv != CKR_OK) { ++ sftk_FreeSession(session); + NSC_DestroyObject(hSession, publicKey->handle); + sftk_FreeObject(publicKey); + NSC_DestroyObject(hSession, privateKey->handle); +@@ -5977,6 +6022,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + /* we need to do this check at the end to make sure the generated key meets the key length requirements */ + privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE_KEY_PAIR, privateKey); + publicKey->isFIPS = privateKey->isFIPS; ++ session->lastOpWasFIPS = privateKey->isFIPS; ++ sftk_FreeSession(session); + + *phPrivateKey = privateKey->handle; + *phPublicKey = publicKey->handle; +@@ -8610,7 +8657,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + + /* if the prime is an approved prime, we can skip all the other + * checks. */ +- subPrime = sftk_VerifyDH_Prime(&dhPrime, isFIPS); ++ subPrime = sftk_VerifyDH_Prime(&dhPrime, NULL, isFIPS); + if (subPrime == NULL) { + SECItem dhSubPrime; + /* If the caller set the subprime value, it means that +@@ -8792,6 +8839,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + secretlen = tmp.len; + } else { + secretlen = keySize; ++ key->isFIPS = PR_FALSE; + crv = sftk_ANSI_X9_63_kdf(&secret, keySize, + &tmp, mechParams->pSharedData, + mechParams->ulSharedDataLen, mechParams->kdf); +diff -up ./lib/softoken/pkcs11i.h.fips-review ./lib/softoken/pkcs11i.h +--- ./lib/softoken/pkcs11i.h.fips-review 2024-06-12 12:04:10.638360392 -0700 ++++ ./lib/softoken/pkcs11i.h 2024-06-12 12:04:10.640360416 -0700 +@@ -971,7 +971,7 @@ char **NSC_ModuleDBFunc(unsigned long fu + /* dh verify functions */ + /* verify that dhPrime matches one of our known primes, and if so return + * it's subprime value */ +-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS); ++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, SECItem *generator, PRBool isFIPS); + /* check if dhSubPrime claims dhPrime is a safe prime. */ + SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); + /* map an operation Attribute to a Mechanism flag */ +diff -up ./lib/softoken/pkcs11u.c.fips-review ./lib/softoken/pkcs11u.c +--- ./lib/softoken/pkcs11u.c.fips-review 2024-06-12 12:04:10.638360392 -0700 ++++ ./lib/softoken/pkcs11u.c 2024-06-12 12:04:10.640360416 -0700 +@@ -2409,15 +2409,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + switch (mechInfo->special) { + case SFTKFIPSDH: { + SECItem dhPrime; ++ SECItem dhBase; ++ SECItem dhGenerator; ++ PRBool val = PR_FALSE; + const SECItem *dhSubPrime; + CK_RV crv = sftk_Attribute2SecItem(NULL, &dhPrime, + source, CKA_PRIME); + if (crv != CKR_OK) { + return PR_FALSE; + } +- dhSubPrime = sftk_VerifyDH_Prime(&dhPrime, PR_TRUE); ++ crv = sftk_Attribute2SecItem(NULL, &dhBase, source, CKA_BASE); ++ if (crv != CKR_OK) { ++ return PR_FALSE; ++ } ++ dhSubPrime = sftk_VerifyDH_Prime(&dhPrime, &dhGenerator, PR_TRUE); ++ val = (dhSubPrime) ? PR_TRUE : PR_FALSE; ++ if (val && (SECITEM_CompareItem(&dhBase, &dhGenerator) != 0)) { ++ val = PR_FALSE; ++ } + SECITEM_ZfreeItem(&dhPrime, PR_FALSE); +- return (dhSubPrime) ? PR_TRUE : PR_FALSE; ++ SECITEM_ZfreeItem(&dhBase, PR_FALSE); ++ return val; + } + case SFTKFIPSNone: + return PR_FALSE; +diff -up ./lib/softoken/sftkdhverify.c.fips-review ./lib/softoken/sftkdhverify.c +--- ./lib/softoken/sftkdhverify.c.fips-review 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/softoken/sftkdhverify.c 2024-06-12 12:04:10.641360427 -0700 +@@ -6726,11 +6726,20 @@ static const SECItem subprime_tls_8192 = + (unsigned char *)subprime_tls_8192_data, + sizeof(subprime_tls_8192_data) }; + ++/* generator for all the groups is 2 */ ++static const unsigned char generator_2_data[] = { 2 }; ++ ++ ++static const SECItem generator_2 = ++ { siBuffer, ++ (unsigned char *)generator_2_data, ++ sizeof(generator_2_data) }; ++ + /* + * verify that dhPrime matches one of our known primes + */ + const SECItem * +-sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS) ++sftk_VerifyDH_Prime(SECItem *dhPrime, SECItem *g, PRBool isFIPS) + { + /* use the length to decide which primes to check */ + switch (dhPrime->len) { +@@ -6741,56 +6750,67 @@ sftk_VerifyDH_Prime(SECItem *dhPrime, PR + } + if (PORT_Memcmp(dhPrime->data, prime_ike_1536, + sizeof(prime_ike_1536)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_1536; + } + break; + case 2048 / PR_BITS_PER_BYTE: + if (PORT_Memcmp(dhPrime->data, prime_tls_2048, + sizeof(prime_tls_2048)) == 0) { ++ if (g) *g = generator_2; + return &subprime_tls_2048; + } + if (PORT_Memcmp(dhPrime->data, prime_ike_2048, + sizeof(prime_ike_2048)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_2048; + } + break; + case 3072 / PR_BITS_PER_BYTE: + if (PORT_Memcmp(dhPrime->data, prime_tls_3072, + sizeof(prime_tls_3072)) == 0) { ++ if (g) *g = generator_2; + return &subprime_tls_3072; + } + if (PORT_Memcmp(dhPrime->data, prime_ike_3072, + sizeof(prime_ike_3072)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_3072; + } + break; + case 4096 / PR_BITS_PER_BYTE: + if (PORT_Memcmp(dhPrime->data, prime_tls_4096, + sizeof(prime_tls_4096)) == 0) { ++ if (g) *g = generator_2; + return &subprime_tls_4096; + } + if (PORT_Memcmp(dhPrime->data, prime_ike_4096, + sizeof(prime_ike_4096)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_4096; + } + break; + case 6144 / PR_BITS_PER_BYTE: + if (PORT_Memcmp(dhPrime->data, prime_tls_6144, + sizeof(prime_tls_6144)) == 0) { ++ if (g) *g = generator_2; + return &subprime_tls_6144; + } + if (PORT_Memcmp(dhPrime->data, prime_ike_6144, + sizeof(prime_ike_6144)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_6144; + } + break; + case 8192 / PR_BITS_PER_BYTE: + if (PORT_Memcmp(dhPrime->data, prime_tls_8192, + sizeof(prime_tls_8192)) == 0) { ++ if (g) *g = generator_2; + return &subprime_tls_8192; + } + if (PORT_Memcmp(dhPrime->data, prime_ike_8192, + sizeof(prime_ike_8192)) == 0) { ++ if (g) *g = generator_2; + return &subprime_ike_8192; + } + break; +diff -up ./lib/softoken/sftkike.c.fips-review ./lib/softoken/sftkike.c +--- ./lib/softoken/sftkike.c.fips-review 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/softoken/sftkike.c 2024-06-12 12:04:10.641360427 -0700 +@@ -516,6 +516,11 @@ sftk_ike_prf(CK_SESSION_HANDLE hSession, + goto fail; + } + } else { ++ /* ikev1 isn't validated, if we use this function in ikev1 mode, ++ * mark the resulting key as not FIPS */ ++ if (!params->bRekey) { ++ outKey->isFIPS = PR_FALSE; ++ } + crv = prf_init(&context, inKey->attrib.pValue, + inKey->attrib.ulValueLen); + if (crv != CKR_OK) { diff --git a/SOURCES/nss-3.101-fix-cavs-test.patch b/SOURCES/nss-3.101-fix-cavs-test.patch new file mode 100644 index 0000000..66eb81e --- /dev/null +++ b/SOURCES/nss-3.101-fix-cavs-test.patch @@ -0,0 +1,12 @@ +diff -up ./tests/fips/cavs_scripts/validate1.sh.fix_cavs ./tests/fips/cavs_scripts/validate1.sh +--- ./tests/fips/cavs_scripts/validate1.sh.fix_cavs 2024-09-12 14:39:41.421586862 -0700 ++++ ./tests/fips/cavs_scripts/validate1.sh 2024-09-12 14:39:55.036747283 -0700 +@@ -21,7 +21,7 @@ name=`basename $request .req` + echo ">>>>> $name" + sed -e 's; ;;g' -e 's; ; ;g' -e '/^#/d' $extraneous_response ${TESTDIR}/resp/${name}.rsp > /tmp/y1 + # if we didn't generate any output, flag that as an error +-size=`sum /tmp/y1 | awk '{ print $NF }'` ++size=`sum /tmp/y1 | awk '{ print $1 }'` + if [ $size -eq 0 ]; then + echo "${TESTDIR}/resp/${name}.rsp: empty" + exit 1; diff --git a/SOURCES/nss-3.101-fix-cms-abi-break.patch b/SOURCES/nss-3.101-fix-cms-abi-break.patch new file mode 100644 index 0000000..c60fab6 --- /dev/null +++ b/SOURCES/nss-3.101-fix-cms-abi-break.patch @@ -0,0 +1,115 @@ +diff -up ./lib/smime/cmsasn1.c.restore_abi ./lib/smime/cmsasn1.c +--- ./lib/smime/cmsasn1.c.restore_abi 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/smime/cmsasn1.c 2024-09-06 18:05:27.808338289 -0700 +@@ -350,7 +350,7 @@ static const SEC_ASN1Template NSSCMSKeyA + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, + offsetof(NSSCMSKeyAgreeRecipientInfo, ukm), +- SEC_ASN1_SUB(SEC_OctetStringTemplate) }, ++ SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, + offsetof(NSSCMSKeyAgreeRecipientInfo, keyEncAlg), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, +diff -up ./lib/smime/cmslocal.h.restore_abi ./lib/smime/cmslocal.h +--- ./lib/smime/cmslocal.h.restore_abi 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/smime/cmslocal.h 2024-09-06 18:04:47.647863624 -0700 +@@ -174,7 +174,7 @@ NSS_CMSUtil_DecryptSymKey_RSA_OAEP(SECKE + + extern SECStatus + NSS_CMSUtil_EncryptSymKey_ESECDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key, +- SECItem *encKey, PRBool genUkm, SECItem *ukm, ++ SECItem *encKey, PRBool genUkm, SECItem **ukm, + SECAlgorithmID *keyEncAlg, SECItem *originatorPubKey, void *wincx); + + PK11SymKey * +diff -up ./lib/smime/cmspubkey.c.restore_abi ./lib/smime/cmspubkey.c +--- ./lib/smime/cmspubkey.c.restore_abi 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/smime/cmspubkey.c 2024-09-06 18:04:47.647863624 -0700 +@@ -292,9 +292,15 @@ Create_ECC_CMS_SharedInfo(PLArenaPool *p + unsigned char suppPubInfo[4] = { 0 }; + + SI.keyInfo = keyInfo; +- SI.entityUInfo.type = ukm->type; +- SI.entityUInfo.data = ukm->data; +- SI.entityUInfo.len = ukm->len; ++ if (ukm) { ++ SI.entityUInfo.type = ukm->type; ++ SI.entityUInfo.data = ukm->data; ++ SI.entityUInfo.len = ukm->len; ++ } else { ++ SI.entityUInfo.type = siBuffer; ++ SI.entityUInfo.data = NULL; ++ SI.entityUInfo.len = 0; ++ } + + SI.suppPubInfo.type = siBuffer; + SI.suppPubInfo.data = suppPubInfo; +@@ -322,7 +328,7 @@ Create_ECC_CMS_SharedInfo(PLArenaPool *p + SECStatus + NSS_CMSUtil_EncryptSymKey_ESECDH(PLArenaPool *poolp, CERTCertificate *cert, + PK11SymKey *bulkkey, SECItem *encKey, +- PRBool genUkm, SECItem *ukm, ++ PRBool genUkm, SECItem **ukmp, + SECAlgorithmID *keyEncAlg, SECItem *pubKey, + void *wincx) + { +@@ -337,10 +343,11 @@ NSS_CMSUtil_EncryptSymKey_ESECDH(PLArena + SECAlgorithmID keyWrapAlg; + SECOidTag keyEncAlgtag; + SECItem keyWrapAlg_params, *keyEncAlg_params, *SharedInfo; ++ SECItem *ukm = *ukmp; + CK_MECHANISM_TYPE keyDerivationType, keyWrapMech; + CK_ULONG kdf; + +- if (genUkm && (ukm->len != 0 || ukm->data != NULL)) { ++ if (genUkm && (ukm != NULL)) { + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return SECFailure; + } +@@ -427,17 +434,17 @@ NSS_CMSUtil_EncryptSymKey_ESECDH(PLArena + * contain 512 bits for Diffie-Hellman key agreement. */ + + if (genUkm) { +- ukm->type = siBuffer; +- ukm->len = 64; +- ukm->data = (unsigned char *)PORT_ArenaAlloc(poolp, ukm->len); +- +- if (ukm->data == NULL) { ++ ukm = SECITEM_AllocItem(poolp, NULL, 64); ++ if (ukm == NULL) { + goto loser; + } ++ ukm->type = siBuffer; ++ + rv = PK11_GenerateRandom(ukm->data, ukm->len); + if (rv != SECSuccess) { + goto loser; + } ++ *ukmp = ukm; /* return it */ + } + + SharedInfo = Create_ECC_CMS_SharedInfo(poolp, &keyWrapAlg, +diff -up ./lib/smime/cmsrecinfo.c.restore_abi ./lib/smime/cmsrecinfo.c +--- ./lib/smime/cmsrecinfo.c.restore_abi 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/smime/cmsrecinfo.c 2024-09-06 18:04:47.647863624 -0700 +@@ -582,7 +582,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCM + parameters = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg.parameters); + enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); + oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey); +- ukm = &(ri->ri.keyAgreeRecipientInfo.ukm); ++ ukm = ri->ri.keyAgreeRecipientInfo.ukm; + break; + case NSSCMSRecipientInfoID_KEK: + algid = &(ri->ri.kekRecipientInfo.keyEncAlg); +diff -up ./lib/smime/cmst.h.restore_abi ./lib/smime/cmst.h +--- ./lib/smime/cmst.h.restore_abi 2024-06-07 09:26:03.000000000 -0700 ++++ ./lib/smime/cmst.h 2024-09-06 18:04:47.647863624 -0700 +@@ -376,7 +376,7 @@ typedef struct NSSCMSRecipientEncryptedK + struct NSSCMSKeyAgreeRecipientInfoStr { + SECItem version; + NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey; +- SECItem ukm; /* optional */ ++ SECItem *ukm; /* optional */ + SECAlgorithmID keyEncAlg; + NSSCMSRecipientEncryptedKey **recipientEncryptedKeys; + }; diff --git a/SOURCES/nss-3.101-fix-missing-size-checks.patch b/SOURCES/nss-3.101-fix-missing-size-checks.patch new file mode 100644 index 0000000..067296c --- /dev/null +++ b/SOURCES/nss-3.101-fix-missing-size-checks.patch @@ -0,0 +1,126 @@ +diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_subcerts_unittest.cc +--- a/gtests/ssl_gtest/tls_subcerts_unittest.cc ++++ b/gtests/ssl_gtest/tls_subcerts_unittest.cc +@@ -371,16 +371,21 @@ static void GenerateWeakRsaKey(ScopedSEC + // Fail to connect with a weak RSA key. + TEST_P(TlsConnectTls13, DCWeakKey) { + Reset(kPssDelegatorId); + EnsureTlsSetup(); + static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pss_rsae_sha256, + ssl_sig_rsa_pss_pss_sha256}; + client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); ++ PRInt32 keySizeFlags; ++ ASSERT_EQ(SECSuccess, NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &keySizeFlags)); ++ // turn off the signing key sizes so we actually test the ssl tests ++ ASSERT_EQ(SECSuccess, ++ NSS_OptionSet(NSS_KEY_SIZE_POLICY_FLAGS, NSS_KEY_SIZE_POLICY_SSL_FLAG )); + #if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY + // save the MIN POLICY length. + PRInt32 minRsa; + + ASSERT_EQ(SECSuccess, NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minRsa)); + #if RSA_MIN_MODULUS_BITS >= 2048 + ASSERT_EQ(SECSuccess, + NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, RSA_MIN_MODULUS_BITS + 1024)); +@@ -408,16 +413,17 @@ TEST_P(TlsConnectTls13, DCWeakKey) { + client_->EnableDelegatedCredentials(); + + auto cfilter = MakeTlsFilter( + client_, ssl_delegated_credentials_xtn); + ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity); + #if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY + ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, minRsa)); + #endif ++ ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_KEY_SIZE_POLICY_FLAGS, keySizeFlags)); + } + + class ReplaceDCSigScheme : public TlsHandshakeFilter { + public: + ReplaceDCSigScheme(const std::shared_ptr& a) + : TlsHandshakeFilter(a, {ssl_hs_certificate_verify}) {} + + protected: +diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c +--- a/lib/cryptohi/seckey.c ++++ b/lib/cryptohi/seckey.c +@@ -1134,22 +1134,31 @@ SECKEY_PrivateKeyStrengthInBits(const SE + return 0; + } + + /* interpret modulus length as key strength */ + switch (privk->keyType) { + case rsaKey: + case rsaPssKey: + case rsaOaepKey: +- /* some tokens don't export CKA_MODULUS on the private key, +- * PK11_SignatureLen works around this if necessary */ +- bitSize = PK11_SignatureLen((SECKEYPrivateKey *)privk) * PR_BITS_PER_BYTE; +- if (bitSize == -1) { +- bitSize = 0; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, ++ CKA_MODULUS, NULL, ¶ms); ++ if ((rv != SECSuccess) || (params.data == NULL)) { ++ /* some tokens don't export CKA_MODULUS on the private key, ++ * PK11_SignatureLen works around this if necessary. This ++ * method is less percise because it returns bytes instead ++ * bits, so we only do it if we can't get the modulus */ ++ bitSize = PK11_SignatureLen((SECKEYPrivateKey *)privk) * PR_BITS_PER_BYTE; ++ if (bitSize == -1) { ++ return 0; ++ } ++ return bitSize; + } ++ bitSize = SECKEY_BigIntegerBitLength(¶ms); ++ PORT_Free(params.data); + return bitSize; + case dsaKey: + case fortezzaKey: + case dhKey: + case keaKey: + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_PRIME, NULL, ¶ms); + if ((rv != SECSuccess) || (params.data == NULL)) { +diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c +--- a/lib/ssl/ssl3con.c ++++ b/lib/ssl/ssl3con.c +@@ -1277,27 +1277,39 @@ ssl3_SignHashesWithPrivKey(SSL3Hashes *h + PORT_SetError(SEC_ERROR_INVALID_KEY); + goto done; + } + PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); + + if (useRsaPss || hash->hashAlg == ssl_hash_none) { + CK_MECHANISM_TYPE mech = PK11_MapSignKeyType(key->keyType); + int signatureLen = PK11_SignatureLen(key); ++ PRInt32 optval; + + SECItem *params = NULL; + CK_RSA_PKCS_PSS_PARAMS pssParams; + SECItem pssParamsItem = { siBuffer, + (unsigned char *)&pssParams, + sizeof(pssParams) }; + + if (signatureLen <= 0) { + PORT_SetError(SEC_ERROR_INVALID_KEY); + goto done; + } ++ /* since we are calling PK11_SignWithMechanism directly, we need to check the ++ * key policy ourselves (which is already checked in SGN_Digest */ ++ rv = NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optval); ++ if ((rv == SECSuccess) && ++ ((optval & NSS_KEY_SIZE_POLICY_SIGN_FLAG) == NSS_KEY_SIZE_POLICY_SIGN_FLAG)) { ++ rv = SECKEY_EnforceKeySize(key->keyType, SECKEY_PrivateKeyStrengthInBits(key), ++ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); ++ if (rv != SECSuccess) { ++ goto done; /* error code already set */ ++ } ++ } + + buf->len = (unsigned)signatureLen; + buf->data = (unsigned char *)PORT_Alloc(signatureLen); + if (!buf->data) + goto done; /* error code was set. */ + + if (useRsaPss) { + pssParams.hashAlg = ssl3_GetHashMechanismByHashType(hash->hashAlg); diff --git a/SOURCES/nss-3.101-fix-pkcs12-md5-decode.patch b/SOURCES/nss-3.101-fix-pkcs12-md5-decode.patch new file mode 100644 index 0000000..a461852 --- /dev/null +++ b/SOURCES/nss-3.101-fix-pkcs12-md5-decode.patch @@ -0,0 +1,43 @@ +diff --git a/lib/util/nsshash.c b/lib/util/nsshash.c +--- a/lib/util/nsshash.c ++++ b/lib/util/nsshash.c +@@ -102,16 +102,19 @@ HASH_GetHashOidTagByHashType(HASH_HashTy + SECOidTag + HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid) + { + SECOidTag hashOid = SEC_OID_UNKNOWN; + + switch (hmacOid) { + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ ++ case SEC_OID_HMAC_MD5: ++ hashOid = SEC_OID_MD5; ++ break; + case SEC_OID_HMAC_SHA1: + hashOid = SEC_OID_SHA1; + break; + case SEC_OID_HMAC_SHA224: + hashOid = SEC_OID_SHA224; + break; + case SEC_OID_HMAC_SHA256: + hashOid = SEC_OID_SHA256; +@@ -145,16 +148,19 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag + SECOidTag + HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid) + { + SECOidTag hmacOid = SEC_OID_UNKNOWN; + + switch (hashOid) { + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ ++ case SEC_OID_MD5: ++ hmacOid = SEC_OID_HMAC_MD5; ++ break; + case SEC_OID_SHA1: + hmacOid = SEC_OID_HMAC_SHA1; + break; + case SEC_OID_SHA224: + hmacOid = SEC_OID_HMAC_SHA224; + break; + case SEC_OID_SHA256: + hmacOid = SEC_OID_HMAC_SHA256; diff --git a/SOURCES/nss-3.101-fix-pkcs12-pbkdf1-encoding.patch b/SOURCES/nss-3.101-fix-pkcs12-pbkdf1-encoding.patch new file mode 100644 index 0000000..881a7c8 --- /dev/null +++ b/SOURCES/nss-3.101-fix-pkcs12-pbkdf1-encoding.patch @@ -0,0 +1,121 @@ +diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c +--- a/lib/pk11wrap/pk11mech.c ++++ b/lib/pk11wrap/pk11mech.c +@@ -1710,20 +1710,26 @@ PK11_ParamToAlgid(SECOidTag algTag, SECI + case CKM_BATON_ECB96: + case CKM_BATON_CBC128: + case CKM_BATON_COUNTER: + case CKM_BATON_SHUFFLE: + case CKM_JUNIPER_ECB128: + case CKM_JUNIPER_CBC128: + case CKM_JUNIPER_COUNTER: + case CKM_JUNIPER_SHUFFLE: +- newParams = SEC_ASN1EncodeItem(NULL, NULL, param, +- SEC_ASN1_GET(SEC_OctetStringTemplate)); +- if (newParams == NULL) +- break; ++ /* if no parameters have been supplied, then encode a NULL params ++ */ ++ if (param && param->len > 0) { ++ newParams = SEC_ASN1EncodeItem(NULL, NULL, param, ++ SEC_ASN1_GET(SEC_OctetStringTemplate)); ++ if (newParams == NULL) ++ break; ++ } else { ++ newParams = NULL; ++ } + rv = SECSuccess; + break; + } + + if (rv != SECSuccess) { + if (newParams) + SECITEM_FreeItem(newParams, PR_TRUE); + return rv; +diff --git a/lib/pk11wrap/pk11pbe.c b/lib/pk11wrap/pk11pbe.c +--- a/lib/pk11wrap/pk11pbe.c ++++ b/lib/pk11wrap/pk11pbe.c +@@ -765,45 +765,53 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg + * algorithm is). We use choose this algorithm oid based on the + * cipherAlgorithm to determine what this should be (MAC1 or PBES2). + */ + if (algorithm == SEC_OID_PKCS5_PBKDF2) { + /* choose mac or pbes */ + algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm); + } + ++ SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm); ++ + /* set the PKCS5v2 specific parameters */ + if (keyLength == 0) { +- SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm); + if (hashAlg != SEC_OID_UNKNOWN) { + keyLength = HASH_ResultLenByOidTag(hashAlg); + } else { + keyLength = sec_pkcs5v2_default_key_length(cipherAlgorithm); + } + if (keyLength <= 0) { + goto loser; + } + } + /* currently SEC_OID_HMAC_SHA1 is the default */ + if (prfAlg == SEC_OID_UNKNOWN) { + prfAlg = SEC_OID_HMAC_SHA1; + } + +- /* build the PKCS5v2 cipher algorithm id */ +- cipherParams = pk11_GenerateNewParamWithKeyLen( +- PK11_AlgtagToMechanism(cipherAlgorithm), keyLength); +- if (!cipherParams) { +- goto loser; ++ /* build the PKCS5v2 cipher algorithm id, if cipher ++ * is an HMAC, the cipherParams should be NULL */ ++ if (hashAlg == SEC_OID_UNKNOWN) { ++ cipherParams = pk11_GenerateNewParamWithKeyLen( ++ PK11_AlgtagToMechanism(cipherAlgorithm), keyLength); ++ if (!cipherParams) { ++ goto loser; ++ } ++ } else { ++ cipherParams = NULL; + } + + PORT_Memset(&pbeV2_param, 0, sizeof(pbeV2_param)); + + rv = PK11_ParamToAlgid(cipherAlgorithm, cipherParams, + poolp, &pbeV2_param.cipherAlgId); +- SECITEM_FreeItem(cipherParams, PR_TRUE); ++ if (cipherParams) { ++ SECITEM_FreeItem(cipherParams, PR_TRUE); ++ } + if (rv != SECSuccess) { + goto loser; + } + } + + /* generate the parameter */ + pbe_param = sec_pkcs5_create_pbe_parameter(pbeAlgorithm, salt, iteration, + keyLength, prfAlg); +diff --git a/lib/util/secalgid.c b/lib/util/secalgid.c +--- a/lib/util/secalgid.c ++++ b/lib/util/secalgid.c +@@ -50,17 +50,18 @@ SECOID_SetAlgorithmID(PLArenaPool *arena + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + if (SECITEM_CopyItem(arena, &id->algorithm, &oiddata->oid)) + return SECFailure; + + if ((secoid_IsRSAPKCS1(which)) || +- (HASH_GetHashTypeByOidTag(which) != HASH_AlgNULL)) { ++ (HASH_GetHashTypeByOidTag(which) != HASH_AlgNULL) /* || ++ (HASH_GetHashOidTagByHMACOidTag(which) != SEC_OID_UNKNOWN) */) { + add_null_param = PR_TRUE; + } else { + add_null_param = PR_FALSE; + } + + if (params) { + /* + * I am specifically *not* enforcing the following assertion diff --git a/SOURCES/nss-3.101-fix-rsa-policy-test.patch b/SOURCES/nss-3.101-fix-rsa-policy-test.patch new file mode 100644 index 0000000..d198548 --- /dev/null +++ b/SOURCES/nss-3.101-fix-rsa-policy-test.patch @@ -0,0 +1,12 @@ +diff -up ./tests/ssl/sslpolicy.txt.fix_rsa_policy ./tests/ssl/sslpolicy.txt +--- ./tests/ssl/sslpolicy.txt.fix_rsa_policy 2024-06-21 11:08:01.765937907 -0700 ++++ ./tests/ssl/sslpolicy.txt 2024-06-21 11:08:55.598540079 -0700 +@@ -195,7 +195,7 @@ + 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly + 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly + 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-verify Restrict RSA keys on signature verification +- 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-sign Restrict RSA keys on signing ++ 0 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-sign Restrict RSA keys on signing + 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-ssl Restrict RSA keys when used in SSL + 0 noECC SSL3 d allow=rsa-min=1023 Restrict RSA keys when used in SSL + # test default settings diff --git a/SOURCES/nss-3.101-long-pwd-fix.patch b/SOURCES/nss-3.101-long-pwd-fix.patch new file mode 100644 index 0000000..f5efcff --- /dev/null +++ b/SOURCES/nss-3.101-long-pwd-fix.patch @@ -0,0 +1,12 @@ +diff -up ./lib/pkcs12/p12local.c.long_pw_fix ./lib/pkcs12/p12local.c +--- ./lib/pkcs12/p12local.c.long_pw_fix 2024-09-06 17:58:39.905517185 -0700 ++++ ./lib/pkcs12/p12local.c 2024-09-06 17:59:19.568985976 -0700 +@@ -102,7 +102,7 @@ sec_pkcs12_integrity_key(PK11SlotInfo *s + *hmacMech = PK11_AlgtagToMechanism(hmacAlg); + /* pkcs12v2 hmac uses UTF8 rather than unicode */ + if (!sec_pkcs12_convert_item_to_unicode(NULL, &utf8Pw, pwitem, +- PR_TRUE, PR_FALSE, PR_FALSE)) { ++ PR_FALSE, PR_FALSE, PR_FALSE)) { + return NULL; + } + symKey = PK11_PBEKeyGen(slot, prfAlgid, &utf8Pw, PR_FALSE, pwarg); diff --git a/SOURCES/nss-3.101-skip-ocsp-if-not-connected.patch b/SOURCES/nss-3.101-skip-ocsp-if-not-connected.patch new file mode 100644 index 0000000..a0101fc --- /dev/null +++ b/SOURCES/nss-3.101-skip-ocsp-if-not-connected.patch @@ -0,0 +1,22 @@ +diff -up ./tests/ssl/ssl.sh.disable_ocsp_policy ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.disable_ocsp_policy 2024-07-05 14:18:03.985453657 -0700 ++++ ./tests/ssl/ssl.sh 2024-07-05 14:21:59.308250122 -0700 +@@ -968,6 +968,18 @@ ssl_policy_pkix_ocsp() + #verbose="-v" + html_head "Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE" + ++ # if we are running on a build machine that can't tolerate external ++ # references don't run. ++ vfyserv -o wrong.host.badssl.com -d ${P_R_SERVERDIR} > ${P_R_SERVERDIR}/vfy2.out 2>&1 ++ RET=$? ; cat "${P_R_SERVERDIR}/vfy2.out" ++ # 5961 reset by peer ++ grep 5961 ${P_R_SERVERDIR}/vfy2.out ++ GRET=$? ; echo "OCSP: RET=$RET GRET=$GRET" ++ if [ $RET -ne 0 -o $GRET -eq 0 ]; then ++ echo "$SCRIPTNAME: skipping Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE - can't reach external servers" ++ return 0 ++ fi ++ + PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"} + unset NSS_DISABLE_LIBPKIX_VERIFY + diff --git a/SOURCES/nss-3.71-camellia-pkcs12-doc.patch b/SOURCES/nss-3.71-camellia-pkcs12-doc.patch new file mode 100644 index 0000000..f14b5a9 --- /dev/null +++ b/SOURCES/nss-3.71-camellia-pkcs12-doc.patch @@ -0,0 +1,20 @@ +diff -up ./doc/pk12util.xml.camellia ./doc/pk12util.xml +--- ./doc/pk12util.xml.camellia 2022-01-26 09:46:39.794919455 -0800 ++++ ./doc/pk12util.xml 2022-01-26 09:54:58.277019760 -0800 +@@ -317,7 +317,7 @@ Certificate Friendly Name: Thawte Fre + + + Password Encryption +- PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. ++ PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. + The private key is always protected with strong encryption by default. + Several types of ciphers are supported. + +@@ -327,6 +327,7 @@ Certificate Friendly Name: Thawte Fre + + + PBES2 with AES-CBC-Pad as underlying encryption scheme ("AES-128-CBC", "AES-192-CBC", and "AES-256-CBC") ++ PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme ("CAMELLIA-128-CBC", "CAMELLIA-192-CBC", and "CAMELLIA-256-CBC") + + + diff --git a/SOURCES/nss-3.71-fix-lto-gtests.patch b/SOURCES/nss-3.71-fix-lto-gtests.patch new file mode 100644 index 0000000..2699ca3 --- /dev/null +++ b/SOURCES/nss-3.71-fix-lto-gtests.patch @@ -0,0 +1,26 @@ +diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_subcerts_unittest.cc +--- a/gtests/ssl_gtest/tls_subcerts_unittest.cc ++++ b/gtests/ssl_gtest/tls_subcerts_unittest.cc +@@ -15,13 +15,22 @@ + #include "gtest_utils.h" + #include "tls_agent.h" + #include "tls_connect.h" ++#define LTO + + namespace nss_test { + ++#ifndef LTO ++// sigh this construction breaks LTO + const std::string kEcdsaDelegatorId = TlsAgent::kDelegatorEcdsa256; + const std::string kRsaeDelegatorId = TlsAgent::kDelegatorRsae2048; + const std::string kPssDelegatorId = TlsAgent::kDelegatorRsaPss2048; + const std::string kDCId = TlsAgent::kServerEcdsa256; ++#else ++#define kEcdsaDelegatorId TlsAgent::kDelegatorEcdsa256 ++#define kRsaeDelegatorId TlsAgent::kDelegatorRsae2048 ++#define kPssDelegatorId TlsAgent::kDelegatorRsaPss2048 ++#define kDCId TlsAgent::kServerEcdsa256 ++#endif + const SSLSignatureScheme kDCScheme = ssl_sig_ecdsa_secp256r1_sha256; + const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds) */; + diff --git a/SOURCES/nss-3.79-distrusted-certs.patch b/SOURCES/nss-3.79-distrusted-certs.patch new file mode 100644 index 0000000..14a5b0c --- /dev/null +++ b/SOURCES/nss-3.79-distrusted-certs.patch @@ -0,0 +1,375 @@ +# HG changeset patch +# User John M. Schanck +# Date 1648094761 0 +# Thu Mar 24 04:06:01 2022 +0000 +# Node ID b722e523d66297fe4bc1fac0ebb06203138eccbb +# Parent 853b64626b19a46f41f4ba9c684490dc15923c94 +Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. r=KathleenWilson + +Differential Revision: https://phabricator.services.mozilla.com/D141919 + +diff --git a/lib/ckfw/builtins/certdata.txt b/lib/ckfw/builtins/certdata.txt +--- a/lib/ckfw/builtins/certdata.txt ++++ b/lib/ckfw/builtins/certdata.txt +@@ -7663,197 +7663,16 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL + \377\377 + END + CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + + # +-# Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" +-# +-# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL +-# Serial Number: 268435455 (0xfffffff) +-# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL +-# Not Valid Before: Wed May 12 08:51:39 2010 +-# Not Valid After : Mon Mar 23 09:50:05 2020 +-# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C +-# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42 +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2" +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-CKA_SUBJECT MULTILINE_OCTAL +-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +-\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 +-\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 +-\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 +-\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 +-\156\151\163\141\164\151\145\040\055\040\107\062 +-END +-CKA_ID UTF8 "0" +-CKA_ISSUER MULTILINE_OCTAL +-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +-\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 +-\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 +-\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 +-\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 +-\156\151\163\141\164\151\145\040\055\040\107\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\004\017\377\377\377 +-END +-CKA_VALUE MULTILINE_OCTAL +-\060\202\006\225\060\202\004\175\240\003\002\001\002\002\004\017 +-\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\013 +-\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 +-\114\061\027\060\025\006\003\125\004\012\014\016\104\151\147\151 +-\116\157\164\141\162\040\102\056\126\056\061\062\060\060\006\003 +-\125\004\003\014\051\104\151\147\151\116\157\164\141\162\040\120 +-\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\162 +-\147\141\156\151\163\141\164\151\145\040\055\040\107\062\060\036 +-\027\015\061\060\060\065\061\062\060\070\065\061\063\071\132\027 +-\015\062\060\060\063\062\063\060\071\065\060\060\065\132\060\132 +-\061\013\060\011\006\003\125\004\006\023\002\116\114\061\027\060 +-\025\006\003\125\004\012\014\016\104\151\147\151\116\157\164\141 +-\162\040\102\056\126\056\061\062\060\060\006\003\125\004\003\014 +-\051\104\151\147\151\116\157\164\141\162\040\120\113\111\157\166 +-\145\162\150\145\151\144\040\103\101\040\117\162\147\141\156\151 +-\163\141\164\151\145\040\055\040\107\062\060\202\002\042\060\015 +-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 +-\017\000\060\202\002\012\002\202\002\001\000\261\023\031\017\047 +-\346\154\324\125\206\113\320\354\211\212\105\221\170\254\107\275 +-\107\053\344\374\105\353\117\264\046\163\133\067\323\303\177\366 +-\343\336\327\243\370\055\150\305\010\076\113\224\326\344\207\045 +-\066\153\204\265\030\164\363\050\130\163\057\233\152\317\274\004 +-\036\366\336\335\257\374\113\252\365\333\146\142\045\001\045\202 +-\336\362\227\132\020\156\335\135\251\042\261\004\251\043\163\072 +-\370\161\255\035\317\204\104\353\107\321\257\155\310\174\050\253 +-\307\362\067\172\164\137\137\305\002\024\212\243\132\343\033\154 +-\001\343\135\216\331\150\326\364\011\033\062\334\221\265\054\365 +-\040\353\214\003\155\046\111\270\223\304\205\135\330\322\233\257 +-\126\152\314\005\063\314\240\102\236\064\125\104\234\153\240\324 +-\022\320\053\124\315\267\211\015\345\366\353\350\373\205\001\063 +-\117\172\153\361\235\162\063\226\016\367\262\204\245\245\047\304 +-\047\361\121\163\051\167\272\147\156\376\114\334\264\342\241\241 +-\201\057\071\111\215\103\070\023\316\320\245\134\302\207\072\000 +-\147\145\102\043\361\066\131\012\035\243\121\310\274\243\224\052 +-\061\337\343\074\362\235\032\074\004\260\357\261\012\060\023\163 +-\266\327\363\243\114\001\165\024\205\170\300\327\212\071\130\205 +-\120\372\056\346\305\276\317\213\077\257\217\066\324\045\011\055 +-\322\017\254\162\223\362\277\213\324\120\263\371\025\120\233\231 +-\365\024\331\373\213\221\243\062\046\046\240\370\337\073\140\201 +-\206\203\171\133\053\353\023\075\051\072\301\155\335\275\236\216 +-\207\326\112\256\064\227\005\356\024\246\366\334\070\176\112\351 +-\044\124\007\075\227\150\067\106\153\015\307\250\041\257\023\124 +-\344\011\152\361\115\106\012\311\135\373\233\117\275\336\373\267 +-\124\313\270\070\234\247\071\373\152\055\300\173\215\253\245\247 +-\127\354\112\222\212\063\305\341\040\134\163\330\220\222\053\200 +-\325\017\206\030\151\174\071\117\204\206\274\367\114\133\363\325 +-\264\312\240\302\360\067\042\312\171\122\037\123\346\252\363\220 +-\260\073\335\362\050\375\254\353\305\006\044\240\311\324\057\017 +-\130\375\265\236\354\017\317\262\131\320\242\004\172\070\152\256 +-\162\373\275\360\045\142\224\011\247\005\013\002\003\001\000\001 +-\243\202\001\141\060\202\001\135\060\110\006\003\125\035\040\004 +-\101\060\077\060\075\006\004\125\035\040\000\060\065\060\063\006 +-\010\053\006\001\005\005\007\002\001\026\047\150\164\164\160\072 +-\057\057\167\167\167\056\144\151\147\151\156\157\164\141\162\056 +-\156\154\057\143\160\163\057\160\153\151\157\166\145\162\150\145 +-\151\144\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +-\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +-\002\001\006\060\201\205\006\003\125\035\043\004\176\060\174\200 +-\024\071\020\213\111\222\134\333\141\022\040\315\111\235\032\216 +-\332\234\147\100\271\241\136\244\134\060\132\061\013\060\011\006 +-\003\125\004\006\023\002\116\114\061\036\060\034\006\003\125\004 +-\012\014\025\123\164\141\141\164\040\144\145\162\040\116\145\144 +-\145\162\154\141\156\144\145\156\061\053\060\051\006\003\125\004 +-\003\014\042\123\164\141\141\164\040\144\145\162\040\116\145\144 +-\145\162\154\141\156\144\145\156\040\122\157\157\164\040\103\101 +-\040\055\040\107\062\202\004\000\230\226\364\060\111\006\003\125 +-\035\037\004\102\060\100\060\076\240\074\240\072\206\070\150\164 +-\164\160\072\057\057\143\162\154\056\160\153\151\157\166\145\162 +-\150\145\151\144\056\156\154\057\104\157\155\117\162\147\141\156 +-\151\163\141\164\151\145\114\141\164\145\163\164\103\122\114\055 +-\107\062\056\143\162\154\060\035\006\003\125\035\016\004\026\004 +-\024\274\135\224\073\331\253\173\003\045\163\141\302\333\055\356 +-\374\253\217\145\241\060\015\006\011\052\206\110\206\367\015\001 +-\001\013\005\000\003\202\002\001\000\217\374\055\114\267\331\055 +-\325\037\275\357\313\364\267\150\027\165\235\116\325\367\335\234 +-\361\052\046\355\237\242\266\034\003\325\123\263\354\010\317\064 +-\342\343\303\364\265\026\057\310\303\276\327\323\163\253\000\066 +-\371\032\112\176\326\143\351\136\106\272\245\266\216\025\267\243 +-\052\330\103\035\357\135\310\037\201\205\263\213\367\377\074\364 +-\331\364\106\010\077\234\274\035\240\331\250\114\315\045\122\116 +-\012\261\040\367\037\351\103\331\124\106\201\023\232\300\136\164 +-\154\052\230\062\352\374\167\273\015\245\242\061\230\042\176\174 +-\174\347\332\244\255\354\267\056\032\031\161\370\110\120\332\103 +-\217\054\204\335\301\100\047\343\265\360\025\116\226\324\370\134 +-\343\206\051\106\053\327\073\007\353\070\177\310\206\127\227\323 +-\357\052\063\304\027\120\325\144\151\153\053\153\105\136\135\057 +-\027\312\132\116\317\303\327\071\074\365\073\237\106\271\233\347 +-\016\111\227\235\326\325\343\033\017\352\217\001\116\232\023\224 +-\131\012\002\007\110\113\032\140\253\177\117\355\013\330\125\015 +-\150\157\125\234\151\145\025\102\354\300\334\335\154\254\303\026 +-\316\013\035\126\233\244\304\304\322\056\340\017\342\104\047\053 +-\120\151\244\334\142\350\212\041\051\102\154\314\000\072\226\166 +-\233\357\100\300\244\136\167\204\062\154\046\052\071\146\256\135 +-\343\271\271\262\054\150\037\036\232\220\003\071\360\252\263\244 +-\314\111\213\030\064\351\067\311\173\051\307\204\174\157\104\025 +-\057\354\141\131\004\311\105\313\242\326\122\242\174\177\051\222 +-\326\112\305\213\102\250\324\376\352\330\307\207\043\030\344\235 +-\172\175\163\100\122\230\240\256\156\343\005\077\005\017\340\245 +-\306\155\115\355\203\067\210\234\307\363\334\102\232\152\266\327 +-\041\111\066\167\362\357\030\117\305\160\331\236\351\336\267\053 +-\213\364\274\176\050\337\015\100\311\205\134\256\235\305\061\377 +-\320\134\016\265\250\176\360\351\057\272\257\210\256\345\265\321 +-\130\245\257\234\161\247\051\001\220\203\151\067\202\005\272\374 +-\011\301\010\156\214\170\073\303\063\002\200\077\104\205\010\035 +-\337\125\126\010\255\054\205\055\135\261\003\341\256\252\164\305 +-\244\363\116\272\067\230\173\202\271 +-END +- +-# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" +-# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL +-# Serial Number: 268435455 (0xfffffff) +-# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL +-# Not Valid Before: Wed May 12 08:51:39 2010 +-# Not Valid After : Mon Mar 23 09:50:05 2020 +-# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C +-# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42 +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2" +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL +-\325\362\127\251\277\055\320\077\213\106\127\371\053\311\244\306 +-\222\341\102\102 +-END +-CKA_CERT_MD5_HASH MULTILINE_OCTAL +-\056\141\242\321\170\316\356\277\131\063\260\043\024\017\224\034 +-END +-CKA_ISSUER MULTILINE_OCTAL +-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 +-\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 +-\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 +-\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 +-\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 +-\156\151\163\141\164\151\145\040\055\040\107\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\004\017\377\377\377 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- +-# + # Certificate "Security Communication RootCA2" + # + # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP + # Serial Number: 0 (0x0) + # Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP + # Not Valid Before: Fri May 29 05:00:39 2009 + # Not Valid After : Tue May 29 05:00:39 2029 + # Fingerprint (SHA-256): 51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6 +@@ -8337,78 +8156,16 @@ END + CKA_SERIAL_NUMBER MULTILINE_OCTAL + \002\001\000 + END + CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929 +-# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US +-# Serial Number: 1800000005 (0x6b49d205) +-# Not Before: Apr 7 15:37:15 2011 GMT +-# Not After : Apr 4 15:37:15 2021 GMT +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave" +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123 +-\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156 +-\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150 +-\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030 +-\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156 +-\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004 +-\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147 +-\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156 +-\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060 +-\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141 +-\100\164\162\165\163\164\167\141\166\145\056\143\157\155 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\004\153\111\322\005 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- +-# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929 +-# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US +-# Serial Number: 1800000006 (0x6b49d206) +-# Not Before: Apr 18 21:09:30 2011 GMT +-# Not After : Apr 15 21:09:30 2021 GMT +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave" +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123 +-\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156 +-\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150 +-\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030 +-\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156 +-\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004 +-\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147 +-\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156 +-\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060 +-\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141 +-\100\164\162\165\163\164\167\141\166\145\056\143\157\155 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\004\153\111\322\006 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "Actalis Authentication Root CA" + # + # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT + # Serial Number:57:0a:11:97:42:c4:e3:cc + # Subject: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT + # Not Valid Before: Thu Sep 22 11:22:02 2011 + # Not Valid After : Sun Sep 22 11:22:02 2030 +@@ -9042,84 +8799,16 @@ END + CKA_SERIAL_NUMBER MULTILINE_OCTAL + \002\001\001 + END + CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022 +-# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +-# Serial Number: 2087 (0x827) +-# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR +-# Not Valid Before: Mon Aug 08 07:07:51 2011 +-# Not Valid After : Tue Jul 06 07:07:51 2021 +-# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E +-# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1 +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1" +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +-\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +-\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +-\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +-\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +-\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +-\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +-\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +-\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +-\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +-\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\002\010\047 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- +-# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022 +-# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +-# Serial Number: 2148 (0x864) +-# Subject: E=ileti@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR +-# Not Valid Before: Mon Aug 08 07:07:51 2011 +-# Not Valid After : Thu Aug 05 07:07:51 2021 +-# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2 +-# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2" +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +-\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +-\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +-\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +-\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +-\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +-\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +-\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +-\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +-\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +-\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\002\010\144 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "D-TRUST Root Class 3 CA 2 2009" + # + # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE + # Serial Number: 623603 (0x983f3) + # Subject: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE + # Not Valid Before: Thu Nov 05 08:35:58 2009 + # Not Valid After : Mon Nov 05 08:35:58 2029 diff --git a/SOURCES/nss-3.79-fips.patch b/SOURCES/nss-3.79-fips.patch new file mode 100644 index 0000000..07c500f --- /dev/null +++ b/SOURCES/nss-3.79-fips.patch @@ -0,0 +1,578 @@ +diff --git a/lib/freebl/config.mk b/lib/freebl/config.mk +--- a/lib/freebl/config.mk ++++ b/lib/freebl/config.mk +@@ -85,9 +85,13 @@ EXTRA_SHARED_LIBS += \ + $(NULL) + endif + endif + + ifeq ($(OS_ARCH), Darwin) + EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib + endif + ++ifdef NSS_FIPS_140_3 ++DEFINES += -DNSS_FIPS_140_3 + endif ++ ++endif +diff --git a/lib/freebl/unix_urandom.c b/lib/freebl/unix_urandom.c +--- a/lib/freebl/unix_urandom.c ++++ b/lib/freebl/unix_urandom.c +@@ -20,53 +20,110 @@ RNG_SystemInfoForRNG(void) + if (!numBytes) { + /* error is set */ + return; + } + RNG_RandomUpdate(bytes, numBytes); + PORT_Memset(bytes, 0, sizeof bytes); + } + ++#ifdef NSS_FIPS_140_3 ++#include ++#include "prinit.h" ++ ++static int rng_grndFlags= 0; ++static PRCallOnceType rng_KernelFips; ++ ++static PRStatus ++rng_getKernelFips() ++{ ++#ifdef LINUX ++ FILE *f; ++ char d; ++ size_t size; ++ ++ f = fopen("/proc/sys/crypto/fips_enabled", "r"); ++ if (!f) ++ return PR_FAILURE; ++ ++ size = fread(&d, 1, 1, f); ++ fclose(f); ++ if (size != 1) ++ return PR_SUCCESS; ++ if (d != '1') ++ return PR_SUCCESS; ++ /* if the kernel is in FIPS mode, set the GRND_RANDOM flag */ ++ rng_grndFlags = GRND_RANDOM; ++#endif /* LINUX */ ++ return PR_SUCCESS; ++} ++#endif ++ + size_t + RNG_SystemRNG(void *dest, size_t maxLen) + { ++ size_t fileBytes = 0; ++ unsigned char *buffer = dest; ++#ifndef NSS_FIPS_140_3 + int fd; + int bytes; +- size_t fileBytes = 0; +- unsigned char *buffer = dest; ++#else ++ PR_CallOnce(&rng_KernelFips, rng_getKernelFips); ++#endif + + #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || (defined(LINUX) && defined(__GLIBC__) && ((__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 25)))) + int result; +- + while (fileBytes < maxLen) { + size_t getBytes = maxLen - fileBytes; + if (getBytes > GETENTROPY_MAX_BYTES) { + getBytes = GETENTROPY_MAX_BYTES; + } ++#ifdef NSS_FIPS_140_3 ++ /* FIP 140-3 requires full kernel reseeding for chained entropy sources ++ * so we need to use getrandom with GRND_RANDOM. ++ * getrandom returns -1 on failure, otherwise returns ++ * the number of bytes, which can be less than getBytes */ ++ result = getrandom(buffer, getBytes, rng_grndFlags); ++ if (result < 0) { ++ break; ++ } ++ fileBytes += result; ++ buffer += result; ++#else ++ /* get entropy returns 0 on success and always return ++ * getBytes on success */ + result = getentropy(buffer, getBytes); + if (result == 0) { /* success */ + fileBytes += getBytes; + buffer += getBytes; + } else { + break; + } ++#endif + } + if (fileBytes == maxLen) { /* success */ + return maxLen; + } ++#ifdef NSS_FIPS_140_3 ++ /* in FIPS 104-3 we don't fallback, just fail */ ++ PORT_SetError(SEC_ERROR_NEED_RANDOM); ++ return 0; ++#else + /* If we failed with an error other than ENOSYS, it means the destination + * buffer is not writeable. We don't need to try writing to it again. */ + if (errno != ENOSYS) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + return 0; + } ++#endif /*!NSS_FIPS_140_3 */ ++#endif /* platorm has getentropy */ ++#ifndef NSS_FIPS_140_3 + /* ENOSYS means the kernel doesn't support getentropy()/getrandom(). + * Reset the number of bytes to get and fall back to /dev/urandom. */ + fileBytes = 0; +-#endif + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + return 0; + } + while (fileBytes < maxLen) { + bytes = read(fd, buffer, maxLen - fileBytes); + if (bytes <= 0) { +@@ -76,9 +133,10 @@ RNG_SystemRNG(void *dest, size_t maxLen) + buffer += bytes; + } + (void)close(fd); + if (fileBytes != maxLen) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + return 0; + } + return fileBytes; ++#endif + } +diff --git a/lib/softoken/config.mk b/lib/softoken/config.mk +--- a/lib/softoken/config.mk ++++ b/lib/softoken/config.mk +@@ -58,8 +58,12 @@ endif + ifdef NSS_ENABLE_FIPS_INDICATORS + DEFINES += -DNSS_ENABLE_FIPS_INDICATORS + endif + + ifdef NSS_FIPS_MODULE_ID + DEFINES += -DNSS_FIPS_MODULE_ID=\"${NSS_FIPS_MODULE_ID}\" + endif + ++ifdef NSS_FIPS_140_3 ++DEFINES += -DNSS_FIPS_140_3 ++endif ++ +diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c +--- a/lib/softoken/lowpbe.c ++++ b/lib/softoken/lowpbe.c +@@ -1766,16 +1766,20 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) + unsigned char iteration_count = 5; + unsigned char keyLen = 64; + char *inKeyData = TEST_KEY; +- static const unsigned char saltData[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; ++ static const unsigned char saltData[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f ++ }; ++ + static const unsigned char pbkdf_known_answer[] = { +- 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29, +- 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c, +- 0x28, 0x59, 0x8b, 0x5c, 0xd8, 0xd4, 0x02, 0x37, +- 0x18, 0x22, 0xc1, 0x92, 0xd0, 0xfa, 0x72, 0x90, +- 0x2c, 0x8d, 0x19, 0xd4, 0x56, 0xfb, 0x16, 0xfa, +- 0x8d, 0x5c, 0x06, 0x33, 0xd1, 0x5f, 0x17, 0xb1, +- 0x22, 0xd9, 0x9c, 0xaf, 0x5e, 0x3f, 0xf3, 0x66, +- 0xc6, 0x14, 0xfe, 0x83, 0xfa, 0x1a, 0x2a, 0xc5 ++ 0x73, 0x8c, 0xfa, 0x02, 0xe8, 0xdb, 0x43, 0xe4, ++ 0x99, 0xc5, 0xfd, 0xd9, 0x4d, 0x8e, 0x3e, 0x7b, ++ 0xc4, 0xda, 0x22, 0x1b, 0xe1, 0xae, 0x23, 0x7a, ++ 0x21, 0x27, 0xbd, 0xcc, 0x78, 0xc4, 0xe6, 0xc5, ++ 0x33, 0x38, 0x35, 0xe0, 0x68, 0x1a, 0x1e, 0x06, ++ 0xad, 0xaf, 0x7f, 0xd7, 0x3f, 0x0e, 0xc0, 0x90, ++ 0x17, 0x97, 0x73, 0x75, 0x7b, 0x88, 0x49, 0xd8, ++ 0x6f, 0x78, 0x5a, 0xde, 0x50, 0x20, 0x55, 0x33 + }; + + sftk_PBELockInit(); +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -4609,16 +4609,17 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + goto loser; + } + + /* make sure we don't have any class, key_type, or value fields */ + sftk_DeleteAttributeType(key, CKA_CLASS); + sftk_DeleteAttributeType(key, CKA_KEY_TYPE); + sftk_DeleteAttributeType(key, CKA_VALUE); + ++ + /* Now Set up the parameters to generate the key (based on mechanism) */ + key_gen_type = nsc_bulk; /* bulk key by default */ + switch (pMechanism->mechanism) { + case CKM_CDMF_KEY_GEN: + case CKM_DES_KEY_GEN: + case CKM_DES2_KEY_GEN: + case CKM_DES3_KEY_GEN: + checkWeak = PR_TRUE; +@@ -4812,16 +4813,19 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + crv = sftk_handleObject(key, session); + sftk_FreeSession(session); + if (crv == CKR_OK && sftk_isTrue(key, CKA_SENSITIVE)) { + crv = sftk_forceAttribute(key, CKA_ALWAYS_SENSITIVE, &cktrue, sizeof(CK_BBOOL)); + } + if (crv == CKR_OK && !sftk_isTrue(key, CKA_EXTRACTABLE)) { + crv = sftk_forceAttribute(key, CKA_NEVER_EXTRACTABLE, &cktrue, sizeof(CK_BBOOL)); + } ++ /* we need to do this check at the end, so we can check the generated key length against ++ * fips requirements */ ++ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE, key); + if (crv == CKR_OK) { + *phKey = key->handle; + } + loser: + PORT_Memset(buf, 0, sizeof buf); + sftk_FreeObject(key); + return crv; + } +@@ -5780,16 +5784,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS + + if (crv != CKR_OK) { + NSC_DestroyObject(hSession, publicKey->handle); + sftk_FreeObject(publicKey); + NSC_DestroyObject(hSession, privateKey->handle); + sftk_FreeObject(privateKey); + return crv; + } ++ /* we need to do this check at the end to make sure the generated key meets the key length requirements */ ++ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE_KEY_PAIR, privateKey); ++ publicKey->isFIPS = privateKey->isFIPS; + + *phPrivateKey = privateKey->handle; + *phPublicKey = publicKey->handle; + sftk_FreeObject(publicKey); + sftk_FreeObject(privateKey); + + return CKR_OK; + } +@@ -6990,16 +6997,17 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + } + + /* HKDF-Extract(salt, base key value) */ + if (params->bExtract) { + CK_BYTE *salt; + CK_ULONG saltLen; + HMACContext *hmac; + unsigned int bufLen; ++ SFTKSource saltKeySource = SFTK_SOURCE_DEFAULT; + + switch (params->ulSaltType) { + case CKF_HKDF_SALT_NULL: + saltLen = hashLen; + salt = hashbuf; + memset(salt, 0, saltLen); + break; + case CKF_HKDF_SALT_DATA: +@@ -7026,29 +7034,54 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + if (isFIPS && (key->isFIPS == 0) && (saltKey->isFIPS == 1)) { + CK_MECHANISM mech; + mech.mechanism = CKM_HKDF_DERIVE; + mech.pParameter = params; + mech.ulParameterLen = sizeof(*params); + key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech, + CKA_DERIVE, saltKey); + } ++ saltKeySource = saltKey->source; + saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE); + if (saltKey_att == NULL) { + sftk_FreeObject(saltKey); + return CKR_KEY_HANDLE_INVALID; + } + /* save the resulting salt */ + salt = saltKey_att->attrib.pValue; + saltLen = saltKey_att->attrib.ulValueLen; + break; + default: + return CKR_MECHANISM_PARAM_INVALID; + break; + } ++ /* only TLS style usage is FIPS approved, ++ * turn off the FIPS indicator for other usages */ ++ if (isFIPS && key && sourceKey) { ++ PRBool fipsOK = PR_FALSE; ++ /* case one: mix the kea with a previous or default ++ * salt */ ++ if ((sourceKey->source == SFTK_SOURCE_KEA) && ++ (saltKeySource == SFTK_SOURCE_HKDF_EXPAND) && ++ (saltLen == rawHash->length)) { ++ fipsOK = PR_TRUE; ++ } ++ /* case two: restart, remix the previous secret as a salt */ ++ if ((sourceKey->objclass == CKO_DATA) && ++ (NSS_SecureMemcmpZero(sourceKeyBytes, sourceKeyLen) == 0) && ++ (sourceKeyLen == rawHash->length) && ++ (saltKeySource == SFTK_SOURCE_HKDF_EXPAND) && ++ (saltLen == rawHash->length)) { ++ fipsOK = PR_TRUE; ++ } ++ if (!fipsOK) { ++ key->isFIPS = PR_FALSE; ++ } ++ } ++ if (key) key->source = SFTK_SOURCE_HKDF_EXTRACT; + + hmac = HMAC_Create(rawHash, salt, saltLen, isFIPS); + if (saltKey_att) { + sftk_FreeAttribute(saltKey_att); + } + if (saltKey) { + sftk_FreeObject(saltKey); + } +@@ -7076,16 +7109,40 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + /* T(1) = HMAC-Hash(prk, "" | info | 0x01) + * T(n) = HMAC-Hash(prk, T(n-1) | info | n + * key material = T(1) | ... | T(n) + */ + HMACContext *hmac; + CK_BYTE bi; + unsigned iterations; + ++ /* only TLS style usage is FIPS approved, ++ * turn off the FIPS indicator for other usages */ ++ if (isFIPS && key && key->isFIPS && sourceKey) { ++ unsigned char *info=¶ms->pInfo[3]; ++ /* only one case, ++ * 1) Expand only ++ * 2) with a key whose source was ++ * SFTK_SOURCE_HKDF_EXPAND or SFTK_SOURCE_HKDF_EXTRACT ++ * 3) source key length == rawHash->length ++ * 4) Info has tls or dtls ++ * If any of those conditions aren't met, then we turn ++ * off the fips indicator */ ++ if (params->bExtract || ++ ((sourceKey->source != SFTK_SOURCE_HKDF_EXTRACT) && ++ (sourceKey->source != SFTK_SOURCE_HKDF_EXPAND)) || ++ (sourceKeyLen != rawHash->length) || ++ (params->ulInfoLen < 7) || ++ ((PORT_Memcmp(info,"tls",3) != 0) && ++ (PORT_Memcmp(info,"dtls",4) != 0))) { ++ key->isFIPS = PR_FALSE; ++ } ++ } ++ if (key) key->source = SFTK_SOURCE_HKDF_EXPAND; ++ + genLen = PR_ROUNDUP(keySize, hashLen); + iterations = genLen / hashLen; + + if (genLen > sizeof(keyBlock)) { + keyBlockAlloc = PORT_Alloc(genLen); + if (keyBlockAlloc == NULL) { + return CKR_HOST_MEMORY; + } +@@ -8434,16 +8491,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + + /* calculate private value - oct */ + rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize); + + SECITEM_ZfreeItem(&dhPrime, PR_FALSE); + SECITEM_ZfreeItem(&dhValue, PR_FALSE); + + if (rv == SECSuccess) { ++ key->source = SFTK_SOURCE_KEA; + sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); + SECITEM_ZfreeItem(&derived, PR_FALSE); + crv = CKR_OK; + } else + crv = CKR_HOST_MEMORY; + + break; + } +@@ -8564,16 +8622,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + } + PORT_Memcpy(&keyData[keySize - secretlen], secret, secretlen); + secret = keyData; + } else { + secret += (secretlen - keySize); + } + secretlen = keySize; + } ++ key->source = SFTK_SOURCE_KEA; + + sftk_forceAttribute(key, CKA_VALUE, secret, secretlen); + PORT_ZFree(tmp.data, tmp.len); + if (keyData) { + PORT_ZFree(keyData, keySize); + } + break; + +diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h +--- a/lib/softoken/pkcs11i.h ++++ b/lib/softoken/pkcs11i.h +@@ -147,16 +147,26 @@ typedef enum { + */ + typedef enum { + SFTK_DestroyFailure, + SFTK_Destroyed, + SFTK_Busy + } SFTKFreeStatus; + + /* ++ * Source of various objects ++ */ ++typedef enum { ++ SFTK_SOURCE_DEFAULT=0, ++ SFTK_SOURCE_KEA, ++ SFTK_SOURCE_HKDF_EXPAND, ++ SFTK_SOURCE_HKDF_EXTRACT ++} SFTKSource; ++ ++/* + * attribute values of an object. + */ + struct SFTKAttributeStr { + SFTKAttribute *next; + SFTKAttribute *prev; + PRBool freeAttr; + PRBool freeData; + /*must be called handle to make sftkqueue_find work */ +@@ -189,16 +199,17 @@ struct SFTKObjectStr { + CK_OBJECT_CLASS objclass; + CK_OBJECT_HANDLE handle; + int refCount; + PZLock *refLock; + SFTKSlot *slot; + void *objectInfo; + SFTKFree infoFree; + PRBool isFIPS; ++ SFTKSource source; + }; + + struct SFTKTokenObjectStr { + SFTKObject obj; + SECItem dbKey; + }; + + struct SFTKSessionObjectStr { +diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c +--- a/lib/softoken/pkcs11u.c ++++ b/lib/softoken/pkcs11u.c +@@ -1090,16 +1090,17 @@ sftk_NewObject(SFTKSlot *slot) + sessObject->attrList[i].freeData = PR_FALSE; + } + sessObject->optimizeSpace = slot->optimizeSpace; + + object->handle = 0; + object->next = object->prev = NULL; + object->slot = slot; + object->isFIPS = sftk_isFIPS(slot->slotID); ++ object->source = SFTK_SOURCE_DEFAULT; + + object->refCount = 1; + sessObject->sessionList.next = NULL; + sessObject->sessionList.prev = NULL; + sessObject->sessionList.parent = object; + sessObject->session = NULL; + sessObject->wasDerived = PR_FALSE; + if (!hasLocks) +@@ -1674,16 +1675,17 @@ fail: + CK_RV + sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject) + { + SFTKAttribute *attribute; + SFTKSessionObject *src_so = sftk_narrowToSessionObject(srcObject); + unsigned int i; + + destObject->isFIPS = srcObject->isFIPS; ++ destObject->source = srcObject->source; + if (src_so == NULL) { + return sftk_CopyTokenObject(destObject, srcObject); + } + + PZ_Lock(src_so->attributeLock); + for (i = 0; i < src_so->hashSize; i++) { + attribute = src_so->head[i]; + do { +@@ -2059,16 +2061,17 @@ sftk_NewTokenObject(SFTKSlot *slot, SECI + /* every object must have a class, if we can't get it, the object + * doesn't exist */ + crv = handleToClass(slot, handle, &object->objclass); + if (crv != CKR_OK) { + goto loser; + } + object->slot = slot; + object->isFIPS = sftk_isFIPS(slot->slotID); ++ object->source = SFTK_SOURCE_DEFAULT; + object->objectInfo = NULL; + object->infoFree = NULL; + if (!hasLocks) { + object->refLock = PZ_NewLock(nssILockRefLock); + } + if (object->refLock == NULL) { + goto loser; + } +@@ -2225,16 +2228,25 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE + break; + case CKA_DERIVE: + flags = CKF_DERIVE; + break; + /* fake attribute to select digesting */ + case CKA_DIGEST: + flags = CKF_DIGEST; + break; ++ /* fake attribute to select key gen */ ++ case CKA_NSS_GENERATE: ++ flags = CKF_GENERATE; ++ break; ++ /* fake attribute to select key pair gen */ ++ case CKA_NSS_GENERATE_KEY_PAIR: ++ flags = CKF_GENERATE_KEY_PAIR; ++ break; ++ /* fake attributes to to handle MESSAGE* flags */ + case CKA_NSS_MESSAGE | CKA_ENCRYPT: + flags = CKF_MESSAGE_ENCRYPT; + break; + case CKA_NSS_MESSAGE | CKA_DECRYPT: + flags = CKF_MESSAGE_DECRYPT; + break; + case CKA_NSS_MESSAGE | CKA_SIGN: + flags = CKF_MESSAGE_SIGN; +@@ -2278,17 +2290,17 @@ sftk_quickGetECCCurveOid(SFTKObject *sou + } + + /* This function currently only returns valid lengths for + * FIPS approved ECC curves. If we want to make this generic + * in the future, that Curve determination can be done in + * the sftk_handleSpecial. Since it's currently only used + * in FIPS indicators, it's currently only compiled with + * the FIPS indicator code */ +-static int ++static CK_ULONG + sftk_getKeyLength(SFTKObject *source) + { + CK_KEY_TYPE keyType = CK_INVALID_HANDLE; + CK_ATTRIBUTE_TYPE keyAttribute; + CK_ULONG keyLength = 0; + SFTKAttribute *attribute; + CK_RV crv; + +diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h +--- a/lib/util/pkcs11n.h ++++ b/lib/util/pkcs11n.h +@@ -58,16 +58,18 @@ + /* + * NSS-defined certificate types + * + */ + #define CKC_NSS (CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + + /* FAKE PKCS #11 defines */ + #define CKA_DIGEST 0x81000000L ++#define CKA_NSS_GENERATE 0x81000001L ++#define CKA_NSS_GENERATE_KEY_PAIR 0x81000002L + #define CKA_NSS_MESSAGE 0x82000000L + #define CKA_NSS_MESSAGE_MASK 0xff000000L + #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ + + /* + * NSS-defined object attributes + * + */ diff --git a/SOURCES/nss-3.90-aes-gmc-indicator.patch b/SOURCES/nss-3.90-aes-gmc-indicator.patch new file mode 100644 index 0000000..8a91208 --- /dev/null +++ b/SOURCES/nss-3.90-aes-gmc-indicator.patch @@ -0,0 +1,42 @@ +diff --git a/lib/softoken/sftkmessage.c b/lib/softoken/sftkmessage.c +--- a/lib/softoken/sftkmessage.c ++++ b/lib/softoken/sftkmessage.c +@@ -146,16 +146,38 @@ sftk_CryptMessage(CK_SESSION_HANDLE hSes + + CHECK_FORK(); + + /* make sure we're legal */ + crv = sftk_GetContext(hSession, &context, contextType, PR_TRUE, NULL); + if (crv != CKR_OK) + return crv; + ++ if (context->isFIPS && (contextType == SFTK_MESSAGE_ENCRYPT)) { ++ if ((pParameter == NULL) || (ulParameterLen != sizeof(CK_GCM_MESSAGE_PARAMS))) { ++ context->isFIPS = PR_FALSE; ++ } else { ++ CK_GCM_MESSAGE_PARAMS *p = (CK_GCM_MESSAGE_PARAMS *)pParameter; ++ switch (p->ivGenerator) { ++ case CKG_NO_GENERATE: ++ context->isFIPS = PR_FALSE; ++ break; ++ case CKG_GENERATE_RANDOM: ++ if ((p->ulIvLen < 12) || (p->ulIvFixedBits != 0)) { ++ context->isFIPS = PR_FALSE; ++ } ++ break; ++ default: ++ if ((p->ulIvLen < 12) || (p->ulIvFixedBits < 32)) { ++ context->isFIPS = PR_FALSE; ++ } ++ } ++ } ++ } ++ + if (!pOuttext) { + *pulOuttextLen = ulIntextLen; + return CKR_OK; + } + rv = (*context->aeadUpdate)(context->cipherInfo, pOuttext, &outlen, + maxout, pIntext, ulIntextLen, + pParameter, ulParameterLen, + pAssociatedData, ulAssociatedDataLen); diff --git a/SOURCES/nss-3.90-dh-test-update.patch b/SOURCES/nss-3.90-dh-test-update.patch new file mode 100644 index 0000000..fcbeae5 --- /dev/null +++ b/SOURCES/nss-3.90-dh-test-update.patch @@ -0,0 +1,90 @@ +diff -up ./lib/freebl/fipsfreebl.c.dh_test ./lib/freebl/fipsfreebl.c +--- ./lib/freebl/fipsfreebl.c.dh_test 2024-01-18 08:34:45.936944401 -0800 ++++ ./lib/freebl/fipsfreebl.c 2024-01-18 09:20:57.555980326 -0800 +@@ -1816,38 +1816,39 @@ freebl_fips_DH_PowerUpSelfTest(void) + { + /* DH Known P (2048-bits) */ + static const PRUint8 dh_known_P[] = { +- 0xc2, 0x79, 0xbb, 0x76, 0x32, 0x0d, 0x43, 0xfd, +- 0x1b, 0x8c, 0xa2, 0x3c, 0x00, 0xdd, 0x6d, 0xef, +- 0xf8, 0x1a, 0xd9, 0xc1, 0xa2, 0xf5, 0x73, 0x2b, +- 0xdb, 0x1a, 0x3e, 0x84, 0x90, 0xeb, 0xe7, 0x8e, +- 0x5f, 0x5c, 0x6b, 0xb6, 0x61, 0x89, 0xd1, 0x03, +- 0xb0, 0x5f, 0x91, 0xe4, 0xd2, 0x82, 0x90, 0xfc, +- 0x3c, 0x49, 0x69, 0x59, 0xc1, 0x51, 0x6a, 0x85, +- 0x71, 0xe7, 0x5d, 0x72, 0x5a, 0x45, 0xad, 0x01, +- 0x6f, 0x82, 0xae, 0xec, 0x91, 0x08, 0x2e, 0x7c, +- 0x64, 0x93, 0x46, 0x1c, 0x68, 0xef, 0xc2, 0x03, +- 0x28, 0x1d, 0x75, 0x3a, 0xeb, 0x9c, 0x46, 0xf0, +- 0xc9, 0xdb, 0x99, 0x95, 0x13, 0x66, 0x4d, 0xd5, +- 0x1a, 0x78, 0x92, 0x51, 0x89, 0x72, 0x28, 0x7f, +- 0x20, 0x70, 0x41, 0x49, 0xa2, 0x86, 0xe9, 0xf9, +- 0x78, 0x5f, 0x8d, 0x2e, 0x5d, 0xfa, 0xdb, 0x57, +- 0xd4, 0x71, 0xdf, 0x66, 0xe3, 0x9e, 0x88, 0x70, +- 0xa4, 0x21, 0x44, 0x6a, 0xc7, 0xae, 0x30, 0x2c, +- 0x9c, 0x1f, 0x91, 0x57, 0xc8, 0x24, 0x34, 0x2d, +- 0x7a, 0x4a, 0x43, 0xc2, 0x5f, 0xab, 0x64, 0x2e, +- 0xaa, 0x28, 0x32, 0x95, 0x42, 0x7b, 0xa0, 0xcc, +- 0xdf, 0xfd, 0x22, 0xc8, 0x56, 0x84, 0xc1, 0x62, +- 0x15, 0xb2, 0x77, 0x86, 0x81, 0xfc, 0xa5, 0x12, +- 0x3c, 0xca, 0x28, 0x17, 0x8f, 0x03, 0x16, 0x6e, +- 0xb8, 0x24, 0xfa, 0x1b, 0x15, 0x02, 0xfd, 0x8b, +- 0xb6, 0x0a, 0x1a, 0xf7, 0x47, 0x41, 0xc5, 0x2b, +- 0x37, 0x3e, 0xa1, 0xbf, 0x68, 0xda, 0x1c, 0x55, +- 0x44, 0xc3, 0xee, 0xa1, 0x63, 0x07, 0x11, 0x3b, +- 0x5f, 0x00, 0x84, 0xb4, 0xc4, 0xe4, 0xa7, 0x97, +- 0x29, 0xf8, 0xce, 0xab, 0xfc, 0x27, 0x3e, 0x34, +- 0xe4, 0xc7, 0x81, 0x52, 0x32, 0x0e, 0x27, 0x3c, +- 0xa6, 0x70, 0x3f, 0x4a, 0x54, 0xda, 0xdd, 0x60, +- 0x26, 0xb3, 0x6e, 0x45, 0x26, 0x19, 0x41, 0x6f ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, ++ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, ++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, ++ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, ++ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, ++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, ++ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, ++ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, ++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, ++ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, ++ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, ++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, ++ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, ++ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, ++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, ++ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, ++ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, ++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, ++ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, ++ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, ++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, ++ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, ++ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, ++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, ++ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, ++ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, ++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, ++ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, ++ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, ++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++ + }; + + static const PRUint8 dh_known_Y_1[] = { +@@ -1893,10 +1894,10 @@ freebl_fips_DH_PowerUpSelfTest(void) + }; + + static const PRUint8 dh_known_hash_result[] = { +- 0x93, 0xa2, 0x89, 0x1c, 0x8a, 0xc3, 0x70, 0xbf, +- 0xa7, 0xdf, 0xb6, 0xd7, 0x82, 0xfb, 0x87, 0x81, +- 0x09, 0x47, 0xf3, 0x9f, 0x5a, 0xbf, 0x4f, 0x3f, +- 0x8e, 0x5e, 0x06, 0xca, 0x30, 0xa7, 0xaf, 0x10 ++ 0x40, 0xe3, 0x7a, 0x34, 0x83, 0x2d, 0x94, 0x57, ++ 0x99, 0x3d, 0x66, 0xec, 0x54, 0xdf, 0x82, 0x4a, ++ 0x37, 0x0d, 0xf9, 0x01, 0xb3, 0xbc, 0x54, 0xe5, ++ 0x5e, 0x63, 0xd3, 0x46, 0x4e, 0xa3, 0xe2, 0x8a + }; + + /* DH variables. */ diff --git a/SOURCES/nss-3.90-fips-indicators2.patch b/SOURCES/nss-3.90-fips-indicators2.patch new file mode 100644 index 0000000..e02d8bf --- /dev/null +++ b/SOURCES/nss-3.90-fips-indicators2.patch @@ -0,0 +1,176 @@ +diff -up ./lib/softoken/pkcs11c.c.fips_2 ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.fips_2 2024-01-19 09:21:19.632889660 -0800 ++++ ./lib/softoken/pkcs11c.c 2024-01-19 09:22:18.541471306 -0800 +@@ -7090,7 +7090,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ + mech.ulParameterLen = sizeof(*params); + key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech, + CKA_DERIVE, saltKey, +- keySize); ++ keySize*PR_BITS_PER_BYTE); + } + saltKeySource = saltKey->source; + saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE); +@@ -7404,7 +7404,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + } + } + key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey, +- keySize); ++ keySize*PR_BITS_PER_BYTE); + + switch (mechanism) { + /* get a public key from a private key. nsslowkey_ConvertToPublickey() +diff -up ./lib/softoken/pkcs11u.c.fips_2 ./lib/softoken/pkcs11u.c +--- ./lib/softoken/pkcs11u.c.fips_2 2024-01-19 09:21:19.633889670 -0800 ++++ ./lib/softoken/pkcs11u.c 2024-01-19 09:28:00.082843565 -0800 +@@ -2393,20 +2393,43 @@ sftk_getKeyLength(SFTKObject *source) + } + + PRBool +-sftk_CheckFIPSHash(CK_MECHANISM_TYPE hash) ++sftk_checkFIPSHash(CK_MECHANISM_TYPE hash, PRBool allowSmall, PRBool allowCMAC) + { + switch (hash) { ++ case CKM_AES_CMAC: ++ return allowCMAC; ++ case CKM_SHA_1: ++ case CKM_SHA_1_HMAC: ++ case CKM_SHA224: ++ case CKM_SHA224_HMAC: ++ return allowSmall; + case CKM_SHA256: +- case CKG_MGF1_SHA256: ++ case CKM_SHA256_HMAC: + case CKM_SHA384: +- case CKG_MGF1_SHA384: ++ case CKM_SHA384_HMAC: + case CKM_SHA512: +- case CKG_MGF1_SHA512: ++ case CKM_SHA512_HMAC: + return PR_TRUE; + } + return PR_FALSE; + } + ++PRBool ++sftk_checkKeyLength(CK_ULONG keyLength, CK_ULONG min, ++ CK_ULONG max, CK_ULONG step) ++{ ++ if (keyLength > max) { ++ return PR_FALSE; ++ } ++ if (keyLength < min ) { ++ return PR_FALSE; ++ } ++ if (((keyLength - min) % step) != 0) { ++ return PR_FALSE; ++ } ++ return PR_TRUE; ++} ++ + /* + * handle specialized FIPS semantics that are too complicated to + * handle with just a table. NOTE: this means any additional semantics +@@ -2416,6 +2439,8 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + SFTKFIPSAlgorithmList *mechInfo, SFTKObject *source, + CK_ULONG keyLength, CK_ULONG targetKeyLength) + { ++ PRBool allowSmall = PR_FALSE; ++ PRBool allowCMAC = PR_FALSE; + switch (mechInfo->special) { + case SFTKFIPSDH: { + SECItem dhPrime; +@@ -2482,7 +2507,11 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + if (pss->sLen > hashObj->length) { + return PR_FALSE; + } +- return sftk_CheckFIPSHash(pss->hashAlg); ++ /* Our code makes sure pss->hashAlg matches the explicit ++ * hash in the mechanism, and only mechanisms with approved ++ * hashes are included, so no need to check pss->hashAlg ++ * here */ ++ return PR_TRUE; + } + case SFTKFIPSPBKDF2: { + /* PBKDF2 must have the following addition restrictions +@@ -2508,12 +2537,28 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + return PR_TRUE; + } + /* check the hash mechanisms to make sure they themselves are FIPS */ ++ case SFTKFIPSChkHashSp800: ++ allowCMAC = PR_TRUE; + case SFTKFIPSChkHash: ++ allowSmall = PR_TRUE; ++ case SFTKFIPSChkHashTls: + if (mech->ulParameterLen < mechInfo->offset +sizeof(CK_ULONG)) { + return PR_FALSE; + } +- return sftk_CheckFIPSHash(*(CK_ULONG *)(((char *)mech->pParameter) +- + mechInfo->offset)); ++ return sftk_checkFIPSHash(*(CK_ULONG *)(((char *)mech->pParameter) ++ + mechInfo->offset), allowSmall, allowCMAC); ++ case SFTKFIPSTlsKeyCheck: ++ if (mech->mechanism != CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { ++ /* unless the mechnism has a built-in hash, check the hash */ ++ if (mech->ulParameterLen < mechInfo->offset +sizeof(CK_ULONG)) { ++ return PR_FALSE; ++ } ++ if (!sftk_checkFIPSHash(*(CK_ULONG *)(((char *)mech->pParameter) ++ + mechInfo->offset), PR_FALSE, PR_FALSE)) { ++ return PR_FALSE; ++ } ++ } ++ return sftk_checkKeyLength(targetKeyLength, 112, 512, 1); + default: + break; + } +@@ -2558,13 +2603,11 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_ + * approved algorithm in the approved mode with an approved key */ + if ((mech->mechanism == mechs->type) && + (opFlags == (mechs->info.flags & opFlags)) && +- (keyLength <= mechs->info.ulMaxKeySize) && +- (keyLength >= mechs->info.ulMinKeySize) && +- (((keyLength - mechs->info.ulMinKeySize) % mechs->step) == 0) && +- ((targetKeyLength == 0) || +- ((targetKeyLength <= mechs->info.ulMaxKeySize) && +- (targetKeyLength >= mechs->info.ulMinKeySize) && +- ((targetKeyLength - mechs->info.ulMinKeySize) % mechs->step) == 0)) && ++ sftk_checkKeyLength(keyLength, mechs->info.ulMinKeySize, ++ mechs->info.ulMaxKeySize, mechs->step) && ++ ((targetKeyLength == 0) || (mechs->special == SFTKFIPSTlsKeyCheck) ++ || sftk_checkKeyLength(targetKeyLength, mechs->info.ulMinKeySize, ++ mechs->info.ulMaxKeySize, mechs->step)) && + ((mechs->special == SFTKFIPSNone) || + sftk_handleSpecial(slot, mech, mechs, source, keyLength, targetKeyLength))) { + return PR_TRUE; +diff -up ./lib/softoken/sftkmessage.c.fips_2 ./lib/softoken/sftkmessage.c +--- ./lib/softoken/sftkmessage.c.fips_2 2024-01-19 09:21:19.634889680 -0800 ++++ ./lib/softoken/sftkmessage.c 2024-01-19 09:22:18.541471306 -0800 +@@ -157,16 +157,25 @@ sftk_CryptMessage(CK_SESSION_HANDLE hSes + } else { + CK_GCM_MESSAGE_PARAMS *p = (CK_GCM_MESSAGE_PARAMS *)pParameter; + switch (p->ivGenerator) { ++ default: + case CKG_NO_GENERATE: + context->isFIPS = PR_FALSE; + break; + case CKG_GENERATE_RANDOM: +- if ((p->ulIvLen < 12) || (p->ulIvFixedBits != 0)) { ++ if ((p->ulIvLen < 96/PR_BITS_PER_BYTE) || ++ (p->ulIvFixedBits != 0)) { + context->isFIPS = PR_FALSE; + } + break; +- default: +- if ((p->ulIvLen < 12) || (p->ulIvFixedBits < 32)) { ++ case CKG_GENERATE_COUNTER_XOR: ++ if ((p->ulIvLen != 96/PR_BITS_PER_BYTE) || ++ (p->ulIvFixedBits != 32)) { ++ context->isFIPS = PR_FALSE; ++ } ++ break; ++ case CKG_GENERATE_COUNTER: ++ if ((p->ulIvFixedBits < 32) || ++ ((p->ulIvLen*PR_BITS_PER_BYTE - p->ulIvFixedBits) < 32)) { + context->isFIPS = PR_FALSE; + } + } diff --git a/SOURCES/nss-3.90-fips-safe-memset.patch b/SOURCES/nss-3.90-fips-safe-memset.patch new file mode 100644 index 0000000..1503bd9 --- /dev/null +++ b/SOURCES/nss-3.90-fips-safe-memset.patch @@ -0,0 +1,506 @@ +diff -up ./lib/freebl/aeskeywrap.c.safe_zero ./lib/freebl/aeskeywrap.c +--- ./lib/freebl/aeskeywrap.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/aeskeywrap.c 2023-11-22 14:42:24.246388369 -0800 +@@ -512,7 +512,7 @@ AESKeyWrap_EncryptKWP(AESKeyWrapContext + PORT_Memcpy(iv + AES_KEY_WRAP_BLOCK_SIZE, input, inputLen); + rv = AES_Encrypt(&cx->aescx, output, pOutputLen, maxOutputLen, iv, + outLen); +- PORT_Memset(iv, 0, sizeof(iv)); ++ PORT_SafeZero(iv, sizeof(iv)); + return rv; + } + +@@ -528,7 +528,7 @@ AESKeyWrap_EncryptKWP(AESKeyWrapContext + PORT_ZFree(newBuf, paddedInputLen); + /* a little overkill, we only need to clear out the length, but this + * is easier to verify we got it all */ +- PORT_Memset(iv, 0, sizeof(iv)); ++ PORT_SafeZero(iv, sizeof(iv)); + return rv; + } + +@@ -631,12 +631,12 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext + loser: + /* if we failed, make sure we don't return any data to the user */ + if ((rv != SECSuccess) && (output == newBuf)) { +- PORT_Memset(newBuf, 0, paddedLen); ++ PORT_SafeZero(newBuf, paddedLen); + } + /* clear out CSP sensitive data from the heap and stack */ + if (allocBuf) { + PORT_ZFree(allocBuf, paddedLen); + } +- PORT_Memset(iv, 0, sizeof(iv)); ++ PORT_SafeZero(iv, sizeof(iv)); + return rv; + } +diff -up ./lib/freebl/blapii.h.safe_zero ./lib/freebl/blapii.h +--- ./lib/freebl/blapii.h.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/blapii.h 2023-11-22 14:42:24.246388369 -0800 +@@ -101,10 +101,10 @@ PRBool ppc_crypto_support(); + #ifdef NSS_FIPS_DISABLED + #define BLAPI_CLEAR_STACK(stack_size) + #else +-#define BLAPI_CLEAR_STACK(stack_size) \ +- { \ +- volatile char _stkclr[stack_size]; \ +- PORT_Memset((void *)&_stkclr[0], 0, stack_size); \ ++#define BLAPI_CLEAR_STACK(stack_size) \ ++ { \ ++ volatile char _stkclr[stack_size]; \ ++ PORT_SafeZero((void *)&_stkclr[0], stack_size); \ + } + #endif + +diff -up ./lib/freebl/drbg.c.safe_zero ./lib/freebl/drbg.c +--- ./lib/freebl/drbg.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/drbg.c 2023-11-22 14:42:24.246388369 -0800 +@@ -197,7 +197,7 @@ prng_initEntropy(void) + SHA256_Update(&ctx, block, sizeof(block)); + SHA256_End(&ctx, globalrng->previousEntropyHash, NULL, + sizeof(globalrng->previousEntropyHash)); +- PORT_Memset(block, 0, sizeof(block)); ++ PORT_SafeZero(block, sizeof(block)); + SHA256_DestroyContext(&ctx, PR_FALSE); + return PR_SUCCESS; + } +@@ -246,8 +246,8 @@ prng_getEntropy(PRUint8 *buffer, size_t + } + + out: +- PORT_Memset(hash, 0, sizeof hash); +- PORT_Memset(block, 0, sizeof block); ++ PORT_SafeZero(hash, sizeof hash); ++ PORT_SafeZero(block, sizeof block); + return rv; + } + +@@ -393,8 +393,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *r + PRNG_ADD_CARRY_ONLY(data, (sizeof data) - 1, carry); + SHA256_DestroyContext(&ctx, PR_FALSE); + } +- PORT_Memset(data, 0, sizeof data); +- PORT_Memset(thisHash, 0, sizeof thisHash); ++ PORT_SafeZero(data, sizeof data); ++ PORT_SafeZero(thisHash, sizeof thisHash); + } + + /* +@@ -455,7 +455,7 @@ prng_generateNewBytes(RNGContext *rng, + PRNG_ADD_CARRY_ONLY(rng->reseed_counter, (sizeof rng->reseed_counter) - 1, carry); + + /* if the prng failed, don't return any output, signal softoken */ +- PORT_Memset(H, 0, sizeof H); ++ PORT_SafeZero(H, sizeof H); + if (!rng->isValid) { + PORT_Memset(returned_bytes, 0, no_of_returned_bytes); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); +diff -up ./lib/freebl/dsa.c.safe_zero ./lib/freebl/dsa.c +--- ./lib/freebl/dsa.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/dsa.c 2023-11-22 14:42:24.246388369 -0800 +@@ -471,7 +471,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECIt + err = MP_OKAY; + signature->len = dsa_signature_len; + cleanup: +- PORT_Memset(localDigestData, 0, DSA_MAX_SUBPRIME_LEN); ++ PORT_SafeZero(localDigestData, DSA_MAX_SUBPRIME_LEN); + mp_clear(&p); + mp_clear(&q); + mp_clear(&g); +@@ -532,7 +532,7 @@ DSA_SignDigest(DSAPrivateKey *key, SECIt + rv = dsa_SignDigest(key, signature, digest, kSeed); + } while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM && + --retries > 0); +- PORT_Memset(kSeed, 0, sizeof kSeed); ++ PORT_SafeZero(kSeed, sizeof kSeed); + return rv; + } + +@@ -673,7 +673,7 @@ DSA_VerifyDigest(DSAPublicKey *key, cons + verified = SECSuccess; /* Signature verified. */ + } + cleanup: +- PORT_Memset(localDigestData, 0, sizeof localDigestData); ++ PORT_SafeZero(localDigestData, sizeof localDigestData); + mp_clear(&p); + mp_clear(&q); + mp_clear(&g); +diff -up ./lib/freebl/gcm.c.safe_zero ./lib/freebl/gcm.c +--- ./lib/freebl/gcm.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/gcm.c 2023-11-22 14:42:24.246388369 -0800 +@@ -480,7 +480,7 @@ gcmHash_Final(gcmHashContext *ghash, uns + rv = SECSuccess; + + cleanup: +- PORT_Memset(T, 0, sizeof(T)); ++ PORT_SafeZero(T, sizeof(T)); + return rv; + } + +@@ -596,15 +596,15 @@ GCM_CreateContext(void *context, freeblC + if (rv != SECSuccess) { + goto loser; + } +- PORT_Memset(H, 0, AES_BLOCK_SIZE); ++ PORT_SafeZero(H, AES_BLOCK_SIZE); + gcm->ctr_context_init = PR_TRUE; + return gcm; + + loser: +- PORT_Memset(H, 0, AES_BLOCK_SIZE); ++ PORT_SafeZero(H, AES_BLOCK_SIZE); + if (ghash && ghash->mem) { + void *mem = ghash->mem; +- PORT_Memset(ghash, 0, sizeof(gcmHashContext)); ++ PORT_SafeZero(ghash, sizeof(gcmHashContext)); + PORT_Free(mem); + } + if (gcm) { +@@ -682,11 +682,11 @@ gcm_InitCounter(GCMContext *gcm, const u + goto loser; + } + +- PORT_Memset(&ctrParams, 0, sizeof ctrParams); ++ PORT_SafeZero(&ctrParams, sizeof ctrParams); + return SECSuccess; + + loser: +- PORT_Memset(&ctrParams, 0, sizeof ctrParams); ++ PORT_SafeZero(&ctrParams, sizeof ctrParams); + if (freeCtr) { + CTR_DestroyContext(&gcm->ctr_context, PR_FALSE); + } +@@ -866,10 +866,10 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig + if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { + /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ + PORT_SetError(SEC_ERROR_BAD_DATA); +- PORT_Memset(tag, 0, sizeof(tag)); ++ PORT_SafeZero(tag, sizeof(tag)); + return SECFailure; + } +- PORT_Memset(tag, 0, sizeof(tag)); ++ PORT_SafeZero(tag, sizeof(tag)); + /* finish the decryption */ + return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, + inbuf, inlen, AES_BLOCK_SIZE); +@@ -1159,10 +1159,10 @@ GCM_DecryptAEAD(GCMContext *gcm, unsigne + /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ + CTR_DestroyContext(&gcm->ctr_context, PR_FALSE); + PORT_SetError(SEC_ERROR_BAD_DATA); +- PORT_Memset(tag, 0, sizeof(tag)); ++ PORT_SafeZero(tag, sizeof(tag)); + return SECFailure; + } +- PORT_Memset(tag, 0, sizeof(tag)); ++ PORT_SafeZero(tag, sizeof(tag)); + /* finish the decryption */ + rv = CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, + inbuf, inlen, AES_BLOCK_SIZE); +diff -up ./lib/freebl/hmacct.c.safe_zero ./lib/freebl/hmacct.c +--- ./lib/freebl/hmacct.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/hmacct.c 2023-11-22 14:42:24.246388369 -0800 +@@ -274,10 +274,10 @@ MAC(unsigned char *mdOut, + hashObj->end(mdState, mdOut, mdOutLen, mdOutMax); + hashObj->destroy(mdState, PR_TRUE); + +- PORT_Memset(lengthBytes, 0, sizeof lengthBytes); +- PORT_Memset(hmacPad, 0, sizeof hmacPad); +- PORT_Memset(firstBlock, 0, sizeof firstBlock); +- PORT_Memset(macOut, 0, sizeof macOut); ++ PORT_SafeZero(lengthBytes, sizeof lengthBytes); ++ PORT_SafeZero(hmacPad, sizeof hmacPad); ++ PORT_SafeZero(firstBlock, sizeof firstBlock); ++ PORT_SafeZero(macOut, sizeof macOut); + + return SECSuccess; + } +diff -up ./lib/freebl/intel-gcm-wrap.c.safe_zero ./lib/freebl/intel-gcm-wrap.c +--- ./lib/freebl/intel-gcm-wrap.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/intel-gcm-wrap.c 2023-11-22 14:42:24.246388369 -0800 +@@ -195,7 +195,7 @@ intel_aes_gcmInitCounter(intel_AES_GCMCo + void + intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit) + { +- PORT_Memset(gcm, 0, sizeof(intel_AES_GCMContext)); ++ PORT_SafeZero(gcm, sizeof(intel_AES_GCMContext)); + if (freeit) { + PORT_Free(gcm); + } +diff -up ./lib/freebl/ppc-gcm-wrap.c.safe_zero ./lib/freebl/ppc-gcm-wrap.c +--- ./lib/freebl/ppc-gcm-wrap.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/ppc-gcm-wrap.c 2023-11-22 14:42:24.246388369 -0800 +@@ -169,7 +169,7 @@ ppc_aes_gcmInitCounter(ppc_AES_GCMContex + void + ppc_AES_GCM_DestroyContext(ppc_AES_GCMContext *gcm, PRBool freeit) + { +- PORT_Memset(gcm, 0, sizeof(ppc_AES_GCMContext)); ++ PORT_SafeZero(gcm, sizeof(ppc_AES_GCMContext)); + if (freeit) { + PORT_Free(gcm); + } +diff -up ./lib/freebl/pqg.c.safe_zero ./lib/freebl/pqg.c +--- ./lib/freebl/pqg.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/pqg.c 2023-11-22 14:42:24.246388369 -0800 +@@ -703,7 +703,7 @@ cleanup: + mp_clear(&a); + mp_clear(&z); + mp_clear(&two_length_minus_1); +- PORT_Memset(x, 0, sizeof(x)); ++ PORT_SafeZero(x, sizeof(x)); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; +@@ -859,7 +859,7 @@ cleanup: + mp_clear(&c); + mp_clear(&c0); + mp_clear(&one); +- PORT_Memset(x, 0, sizeof(x)); ++ PORT_SafeZero(x, sizeof(x)); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; +@@ -1072,7 +1072,7 @@ makePfromQandSeed( + CHECK_MPI_OK(mp_sub_d(&c, 1, &c)); /* c -= 1 */ + CHECK_MPI_OK(mp_sub(&X, &c, P)); /* P = X - c */ + cleanup: +- PORT_Memset(V_j, 0, sizeof V_j); ++ PORT_SafeZero(V_j, sizeof V_j); + mp_clear(&W); + mp_clear(&X); + mp_clear(&c); +@@ -1221,7 +1221,7 @@ makeGfromIndex(HASH_HashType hashtype, + /* step 11. + * return valid G */ + cleanup: +- PORT_Memset(data, 0, sizeof(data)); ++ PORT_SafeZero(data, sizeof(data)); + if (hashcx) { + hashobj->destroy(hashcx, PR_TRUE); + } +diff -up ./lib/freebl/rijndael.c.safe_zero ./lib/freebl/rijndael.c +--- ./lib/freebl/rijndael.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/rijndael.c 2023-11-22 14:42:24.247388378 -0800 +@@ -1114,7 +1114,7 @@ AES_DestroyContext(AESContext *cx, PRBoo + cx->worker_cx = NULL; + cx->destroy = NULL; + } +- PORT_Memset(cx, 0, sizeof(AESContext)); ++ PORT_SafeZero(cx, sizeof(AESContext)); + if (freeit) { + PORT_Free(mem); + } else { +diff -up ./lib/freebl/rsa.c.safe_zero ./lib/freebl/rsa.c +--- ./lib/freebl/rsa.c.safe_zero 2023-11-22 14:41:24.066840894 -0800 ++++ ./lib/freebl/rsa.c 2023-11-22 14:42:24.247388378 -0800 +@@ -143,8 +143,8 @@ rsa_build_from_primes(const mp_int *p, c + /* 2. Compute phi = (p-1)*(q-1) */ + CHECK_MPI_OK(mp_sub_d(p, 1, &psub1)); + CHECK_MPI_OK(mp_sub_d(q, 1, &qsub1)); ++ CHECK_MPI_OK(mp_lcm(&psub1, &qsub1, &phi)); + if (needPublicExponent || needPrivateExponent) { +- CHECK_MPI_OK(mp_lcm(&psub1, &qsub1, &phi)); + /* 3. Compute d = e**-1 mod(phi) */ + /* or e = d**-1 mod(phi) as necessary */ + if (needPublicExponent) { +@@ -165,6 +165,15 @@ rsa_build_from_primes(const mp_int *p, c + goto cleanup; + } + ++ /* make sure we weren't passed in a d or e = 1 mod phi */ ++ /* just need to check d, because if one is = 1 mod phi, they both are */ ++ CHECK_MPI_OK(mp_mod(d, &phi, &tmp)); ++ if (mp_cmp_d(&tmp, 2) <= 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ rv = SECFailure; ++ goto cleanup; ++ } ++ + /* 4. Compute exponent1 = d mod (p-1) */ + CHECK_MPI_OK(mp_mod(d, &psub1, &tmp)); + MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena); +@@ -1152,6 +1161,8 @@ rsa_PrivateKeyOpCRTCheckedPubKey(RSAPriv + /* Perform a public key operation v = m ** e mod n */ + CHECK_MPI_OK(mp_exptmod(m, &e, &n, &v)); + if (mp_cmp(&v, c) != 0) { ++ /* this error triggers a fips fatal error lock */ ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + rv = SECFailure; + } + cleanup: +diff -up ./lib/freebl/rsapkcs.c.safe_zero ./lib/freebl/rsapkcs.c +--- ./lib/freebl/rsapkcs.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/rsapkcs.c 2023-11-22 14:42:24.247388378 -0800 +@@ -977,14 +977,14 @@ rsa_GetHMACContext(const SECHashObject * + /* now create the hmac key */ + hmac = HMAC_Create(hash, keyHash, keyLen, PR_TRUE); + if (hmac == NULL) { +- PORT_Memset(keyHash, 0, sizeof(keyHash)); ++ PORT_SafeZero(keyHash, sizeof(keyHash)); + return NULL; + } + HMAC_Begin(hmac); + HMAC_Update(hmac, input, inputLen); + rv = HMAC_Finish(hmac, keyHash, &keyLen, sizeof(keyHash)); + if (rv != SECSuccess) { +- PORT_Memset(keyHash, 0, sizeof(keyHash)); ++ PORT_SafeZero(keyHash, sizeof(keyHash)); + HMAC_Destroy(hmac, PR_TRUE); + return NULL; + } +@@ -992,7 +992,7 @@ rsa_GetHMACContext(const SECHashObject * + * reuse the original context allocated above so we don't + * need to allocate and free another one */ + rv = HMAC_ReInit(hmac, hash, keyHash, keyLen, PR_TRUE); +- PORT_Memset(keyHash, 0, sizeof(keyHash)); ++ PORT_SafeZero(keyHash, sizeof(keyHash)); + if (rv != SECSuccess) { + HMAC_Destroy(hmac, PR_TRUE); + return NULL; +@@ -1042,7 +1042,7 @@ rsa_HMACPrf(HMACContext *hmac, const cha + return rv; + } + PORT_Memcpy(output, hmacLast, left); +- PORT_Memset(hmacLast, 0, sizeof(hmacLast)); ++ PORT_SafeZero(hmacLast, sizeof(hmacLast)); + } + return rv; + } +@@ -1087,7 +1087,7 @@ rsa_GetErrorLength(HMACContext *hmac, in + outLength = PORT_CT_SEL(PORT_CT_LT(candidate, maxLegalLen), + candidate, outLength); + } +- PORT_Memset(out, 0, sizeof(out)); ++ PORT_SafeZero(out, sizeof(out)); + return outLength; + } + +diff -up ./lib/freebl/shvfy.c.safe_zero ./lib/freebl/shvfy.c +--- ./lib/freebl/shvfy.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/shvfy.c 2023-11-22 14:42:24.247388378 -0800 +@@ -365,7 +365,7 @@ blapi_SHVerifyDSACheck(PRFileDesc *shFD, + + /* verify the hash against the check file */ + rv = DSA_VerifyDigest(key, signature, &hash); +- PORT_Memset(hashBuf, 0, sizeof hashBuf); ++ PORT_SafeZero(hashBuf, sizeof hashBuf); + return (rv == SECSuccess) ? PR_TRUE : PR_FALSE; + } + #endif +@@ -427,7 +427,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD + if (rv == SECSuccess) { + result = SECITEM_ItemsAreEqual(signature, &hash); + } +- PORT_Memset(hashBuf, 0, sizeof hashBuf); ++ PORT_SafeZero(hashBuf, sizeof hashBuf); + return result; + } + +@@ -451,7 +451,7 @@ blapi_SHVerifyFile(const char *shName, P + #ifndef NSS_STRICT_INTEGRITY + DSAPublicKey key; + +- PORT_Memset(&key, 0, sizeof(key)); ++ PORT_SafeZero(&key, sizeof(key)); + #endif + + /* If our integrity check was never ran or failed, fail any other +@@ -597,7 +597,7 @@ blapi_SHVerifyFile(const char *shName, P + shFD = NULL; + + loser: +- PORT_Memset(&header, 0, sizeof header); ++ PORT_SafeZero(&header, sizeof header); + if (checkName != NULL) { + PORT_Free(checkName); + } +diff -up ./lib/freebl/tlsprfalg.c.safe_zero ./lib/freebl/tlsprfalg.c +--- ./lib/freebl/tlsprfalg.c.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/tlsprfalg.c 2023-11-22 14:42:24.247388378 -0800 +@@ -82,8 +82,8 @@ loser: + /* clear out state so it's not left on the stack */ + if (cx) + HMAC_Destroy(cx, PR_TRUE); +- PORT_Memset(state, 0, sizeof(state)); +- PORT_Memset(outbuf, 0, sizeof(outbuf)); ++ PORT_SafeZero(state, sizeof(state)); ++ PORT_SafeZero(outbuf, sizeof(outbuf)); + return rv; + } + +diff -up ./lib/freebl/unix_urandom.c.safe_zero ./lib/freebl/unix_urandom.c +--- ./lib/freebl/unix_urandom.c.safe_zero 2023-11-22 14:42:24.247388378 -0800 ++++ ./lib/freebl/unix_urandom.c 2023-11-22 14:44:15.519400684 -0800 +@@ -22,7 +22,7 @@ RNG_SystemInfoForRNG(void) + return; + } + RNG_RandomUpdate(bytes, numBytes); +- PORT_Memset(bytes, 0, sizeof bytes); ++ PORT_SafeZero(bytes, sizeof bytes); + } + + #ifdef NSS_FIPS_140_3 +diff -up ./lib/softoken/pkcs11c.c.safe_zero ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.safe_zero 2023-11-22 14:41:24.069840921 -0800 ++++ ./lib/softoken/pkcs11c.c 2023-11-22 14:42:24.248388387 -0800 +@@ -5092,7 +5092,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + if ((signature_length >= pairwise_digest_length) && + (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) { + PORT_Free(signature); +- return CKR_DEVICE_ERROR; ++ return CKR_GENERAL_ERROR; + } + + /* Verify the known hash using the public key. */ +diff -up ./lib/util/secport.h.safe_zero ./lib/util/secport.h +--- ./lib/util/secport.h.safe_zero 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/util/secport.h 2023-11-22 14:42:24.248388387 -0800 +@@ -36,6 +36,9 @@ + #include + + #include ++/* ask for Annex K for memset_s. will set the appropriate #define ++ * if Annex K is supported */ ++#define __STDC_WANT_LIB_EXT1__ 1 + #include + #include + #include +@@ -182,6 +185,39 @@ SEC_END_PROTOS + #endif /*SUNOS4*/ + #define PORT_Memset memset + ++/* there are cases where the compiler optimizes away our attempt to clear ++ * out our stack variables. There are multiple solutions for this problem, ++ * but they aren't universally accepted on all platforms. This attempts ++ * to select the best solution available given our os, compilier, and libc */ ++#ifdef __STDC_LIB_EXT1__ ++/* if the os implements C11 annex K, use memset_s */ ++#define PORT_SafeZero(p, n) memset_s(p, n, 0, n) ++#else ++#ifdef XP_WIN ++/* windows has a secure zero funtion */ ++#define PORT_SafeZero(p, n) SecureZeroMemory(p, n) ++#else ++/* _DEFAULT_SORUCE == BSD source in GCC based environments ++ * if other environmens support explicit_bzero, their defines ++ * should be added here */ ++#if defined(_DEFAULT_SOURCE) || defined(_BSD_SOURCE) ++#define PORT_SafeZero(p, n) explicit_bzero(p, n) ++#else ++/* if the os doesn't support one of the above, but does support ++ * memset_explicit, you can add the definition for memset with the ++ * appropriate define check here */ ++/* define an explicitly implementated Safe zero if the OS ++ * doesn't provide one */ ++#define PORT_SafeZero(p, n) \ ++ if (p != NULL) { \ ++ volatile unsigned char *__vl = (unsigned char *)p; \ ++ size_t __nl = n; \ ++ while (__nl--) *__vl++ = 0; \ ++ } ++#endif /* no explicit_bzero */ ++#endif /* no windows SecureZeroMemory */ ++#endif /* no memset_s */ ++ + #define PORT_Strcasecmp PL_strcasecmp + #define PORT_Strcat strcat + #define PORT_Strchr strchr diff --git a/SOURCES/nss-3.90-pbkdf2-indicator.patch b/SOURCES/nss-3.90-pbkdf2-indicator.patch new file mode 100644 index 0000000..dbb7765 --- /dev/null +++ b/SOURCES/nss-3.90-pbkdf2-indicator.patch @@ -0,0 +1,42 @@ +diff -up ./lib/softoken/pkcs11u.c.pkcs12_indicator ./lib/softoken/pkcs11u.c +--- ./lib/softoken/pkcs11u.c.pkcs12_indicator 2023-08-03 10:50:37.067109367 -0700 ++++ ./lib/softoken/pkcs11u.c 2023-08-03 11:41:55.641541953 -0700 +@@ -2429,7 +2429,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + return PR_FALSE; + case SFTKFIPSECC: + /* we've already handled the curve selection in the 'getlength' +- * function */ ++ * function */ + return PR_TRUE; + case SFTKFIPSAEAD: { + if (mech->ulParameterLen == 0) { +@@ -2463,6 +2463,29 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + } + return PR_TRUE; + } ++ case SFTKFIPSPBKDF2: { ++ /* PBKDF2 must have the following addition restrictions ++ * (independent of keysize). ++ * 1. iteration count must be at least 1000. ++ * 2. salt must be at least 128 bits (16 bytes). ++ * 3. password must match the length specified in the SP ++ */ ++ CK_PKCS5_PBKD2_PARAMS *pbkdf2 = (CK_PKCS5_PBKD2_PARAMS *) ++ mech->pParameter; ++ if (mech->ulParameterLen != sizeof(*pbkdf2)) { ++ return PR_FALSE; ++ } ++ if (pbkdf2->iterations < 1000) { ++ return PR_FALSE; ++ } ++ if (pbkdf2->ulSaltSourceDataLen < 16) { ++ return PR_FALSE; ++ } ++ if (*(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) { ++ return PR_FALSE; ++ } ++ return PR_TRUE; ++ } + default: + break; + } diff --git a/SOURCES/nss-3.90-ppc_no_init.patch b/SOURCES/nss-3.90-ppc_no_init.patch new file mode 100644 index 0000000..134955a --- /dev/null +++ b/SOURCES/nss-3.90-ppc_no_init.patch @@ -0,0 +1,36 @@ +diff -up ./lib/freebl/Makefile.ppc_no_init ./lib/freebl/Makefile +--- ./lib/freebl/Makefile.ppc_no_init 2024-06-03 14:12:24.216755903 -0700 ++++ ./lib/freebl/Makefile 2024-06-03 14:11:36.464234903 -0700 +@@ -303,7 +303,7 @@ endif + ifeq ($(CPU_ARCH),ppc) + EXTRA_SRCS += gcm-ppc.c + ifdef USE_64 +- DEFINES += -DNSS_NO_INIT_SUPPORT ++# DEFINES += -DNSS_NO_INIT_SUPPORT + PPC_ABI := $(shell $(CC) -dM -E - < /dev/null | awk '$$2 == "_CALL_ELF" {print $$3}') + ifeq ($(PPC_ABI),2) + ASFILES += sha512-p8.s +diff -up ./lib/softoken/Makefile.ppc_no_init ./lib/softoken/Makefile +--- ./lib/softoken/Makefile.ppc_no_init 2024-06-03 14:12:44.664979003 -0700 ++++ ./lib/softoken/Makefile 2024-06-03 14:10:26.703473806 -0700 +@@ -23,13 +23,13 @@ include $(CORE_DEPTH)/coreconf/config.mk + ifdef NSS_NO_INIT_SUPPORT + DEFINES += -DNSS_NO_INIT_SUPPORT + endif +-ifeq ($(OS_TARGET),Linux) +-ifeq ($(CPU_ARCH),ppc) +-ifdef USE_64 +- DEFINES += -DNSS_NO_INIT_SUPPORT +-endif # USE_64 +-endif # ppc +-endif # Linux ++#ifeq ($(OS_TARGET),Linux) ++#ifeq ($(CPU_ARCH),ppc) ++#ifdef USE_64 ++# DEFINES += -DNSS_NO_INIT_SUPPORT ++#endif # USE_64 ++#endif # ppc ++#endif # Linux + + + ####################################################################### diff --git a/SOURCES/nss-config.in b/SOURCES/nss-config.in new file mode 100644 index 0000000..f8f893e --- /dev/null +++ b/SOURCES/nss-config.in @@ -0,0 +1,145 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_ssl=yes +lib_smime=yes +lib_nss=yes +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + ssl) + lib_ssl=yes + ;; + smime) + lib_smime=yes + ;; + nss) + lib_nss=yes + ;; + nssutil) + lib_nssutil=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_ssl"; then + libdirs="$libdirs -lssl${major_version}" + fi + if test -n "$lib_smime"; then + libdirs="$libdirs -lsmime${major_version}" + fi + if test -n "$lib_nss"; then + libdirs="$libdirs -lnss${major_version}" + fi + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/SOURCES/nss-config.xml b/SOURCES/nss-config.xml new file mode 100644 index 0000000..f9518c9 --- /dev/null +++ b/SOURCES/nss-config.xml @@ -0,0 +1,132 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + nss-config + 1 + + + + nss-config + Return meta information about nss libraries + + + + + nss-config + + + + + + + + + + + + Description + + nss-config is a shell scrip + tool which can be used to obtain gcc options for building client pacakges of nspt. + + + + + Options + + + + + Returns the top level system directory under which the nss libraries are installed. + + + + + returns the top level system directory under which any nss binaries would be installed. + + + + count + returns the path to the directory were the nss libraries are installed. + + + + + returns the upstream version of nss in the form major_version-minor_version-patch_version. + + + + + returns the compiler linking flags. + + + + + returns the compiler include flags. + + + + + returns the path to the directory were the nss libraries are installed. + + + + + + + Examples + + The following example will query for both include path and linkage flags: + + + /usr/bin/nss-config --cflags --libs + + + + + + + + + Files + + /usr/bin/nss-config + + + + + See also + pkg-config(1) + + + + Authors + The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/SOURCES/nss-dso-ldflags.patch b/SOURCES/nss-dso-ldflags.patch new file mode 100644 index 0000000..d5485ae --- /dev/null +++ b/SOURCES/nss-dso-ldflags.patch @@ -0,0 +1,13 @@ +Index: nss/coreconf/Linux.mk +=================================================================== +--- nss.orig/coreconf/Linux.mk ++++ nss/coreconf/Linux.mk +@@ -144,7 +144,7 @@ ifdef USE_PTHREADS + endif + + DSO_CFLAGS = -fPIC +-DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections ++DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections $(DSO_LDFLAGS) + # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) + # incorrectly reports undefined references in the libraries we link with, so + # we don't use -z defs there. diff --git a/SOURCES/nss-no-dbm-man-page.patch b/SOURCES/nss-no-dbm-man-page.patch new file mode 100644 index 0000000..2a1a9d2 --- /dev/null +++ b/SOURCES/nss-no-dbm-man-page.patch @@ -0,0 +1,120 @@ +diff -up ./doc/certutil.xml.no-dbm ./doc/certutil.xml +--- ./doc/certutil.xml.no-dbm 2021-05-29 10:26:21.853386165 -0700 ++++ ./doc/certutil.xml 2021-05-29 10:31:15.057058619 -0700 +@@ -205,8 +205,7 @@ If this option is not used, the validity + certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). + NSS recognizes the following prefixes: + +- sql: requests the newer database +- dbm: requests the legacy database ++ sql: requests the sql-lite database + + If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then sql: is the default. + +@@ -1205,17 +1204,9 @@ BerkeleyDB. These new databases provide + + + +-Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. ++Because the SQLite databases are designed to be shared, these are the shared database type. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. +-Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: +- +-$ certutil -L -d dbm:/home/my/sharednssdb +- +-To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: +-export NSS_DEFAULT_DB_TYPE="dbm" +- +-This line can be set added to the ~/.bashrc file to make the change permanent. ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. + + + +diff -up ./doc/modutil.xml.no-dbm ./doc/modutil.xml +--- ./doc/modutil.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700 ++++ ./doc/modutil.xml 2021-05-29 10:28:23.293078869 -0700 +@@ -151,7 +151,7 @@ + + -dbdir directory + Specify the database directory in which to access or create security module database files. +- modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in SQLite format. ++ modutil supports SQLite databases (cert9.db, key4.db, and pkcs11.txt). + + + +@@ -689,15 +689,7 @@ BerkleyDB. These new databases provide m + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. +-Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: +- +-modutil -create -dbdir dbm:/home/my/sharednssdb +- +-To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: +-export NSS_DEFAULT_DB_TYPE="dbm" +- +-This line can be added to the ~/.bashrc file to make the change permanent for the user. ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. + + + +diff -up ./doc/pk12util.xml.no-dbm ./doc/pk12util.xml +--- ./doc/pk12util.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700 ++++ ./doc/pk12util.xml 2021-05-29 10:28:23.293078869 -0700 +@@ -90,7 +90,7 @@ + + -d directory + Specify the database directory into which to import to or export from certificates and keys. +- pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format. ++ pk12util supports SQLite databases (cert9.db, key4.db, and pkcs11.txt). + + + +@@ -394,15 +394,7 @@ BerkleyDB. These new databases provide m + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type +-Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: +- +-# pk12util -i /tmp/cert-files/users.p12 -d dbm:/home/my/sharednssdb +- +-To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: +-export NSS_DEFAULT_DB_TYPE="dbm" +- +-This line can be set added to the ~/.bashrc file to make the change permanent. ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. + + + +diff -up ./doc/signver.xml.no-dbm ./doc/signver.xml +--- ./doc/signver.xml.no-dbm 2021-05-29 10:26:21.854386171 -0700 ++++ ./doc/signver.xml 2021-05-29 10:28:23.293078869 -0700 +@@ -66,7 +66,7 @@ + + -d directory + Specify the database directory which contains the certificates and keys. +- signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format. ++ signver supports SQLite databases (cert9.db, key4.db, and pkcs11.txt). + + + -a +@@ -155,15 +155,7 @@ BerkleyDB. These new databases provide m + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type +-Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: +- +-# signver -A -s signature -d dbm:/home/my/sharednssdb +- +-To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: +-export NSS_DEFAULT_DB_TYPE="dbm" +- +-This line can be added to the ~/.bashrc file to make the change permanent for the user. ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. + + + diff --git a/SOURCES/nss-signtool-format.patch b/SOURCES/nss-signtool-format.patch new file mode 100644 index 0000000..f81d35c --- /dev/null +++ b/SOURCES/nss-signtool-format.patch @@ -0,0 +1,85 @@ +diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c +--- a/cmd/modutil/install.c ++++ b/cmd/modutil/install.c +@@ -825,17 +825,20 @@ rm_dash_r(char *path) + + dir = PR_OpenDir(path); + if (!dir) { + return -1; + } + + /* Recursively delete all entries in the directory */ + while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { +- snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); ++ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) { ++ PR_CloseDir(dir); ++ return -1; ++ } + if (rm_dash_r(filename)) { + PR_CloseDir(dir); + return -1; + } + } + + if (PR_CloseDir(dir) != PR_SUCCESS) { + return -1; +diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c +--- a/cmd/signtool/util.c ++++ b/cmd/signtool/util.c +@@ -138,6 +138,12 @@ rm_dash_r(char *path) + /* Recursively delete all entries in the directory */ + while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { + snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); ++ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name ++) >= sizeof(filename)) { ++ errorCount++; ++ PR_CloseDir(dir); ++ return -1; ++ } + if (rm_dash_r(filename)) { + PR_CloseDir(dir); + return -1; +diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c +--- a/lib/libpkix/pkix/util/pkix_list.c ++++ b/lib/libpkix/pkix/util/pkix_list.c +@@ -1530,17 +1530,17 @@ cleanup: + */ + PKIX_Error * + PKIX_List_SetItem( + PKIX_List *list, + PKIX_UInt32 index, + PKIX_PL_Object *item, + void *plContext) + { +- PKIX_List *element; ++ PKIX_List *element = NULL; + + PKIX_ENTER(LIST, "PKIX_List_SetItem"); + PKIX_NULLCHECK_ONE(list); + + if (list->immutable){ + PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); + } + +diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c +--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c ++++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c +@@ -102,17 +102,17 @@ cleanup: + */ + static PKIX_Error * + pkix_pl_OID_Equals( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *pResult, + void *plContext) + { +- PKIX_Int32 cmpResult; ++ PKIX_Int32 cmpResult = 0; + + PKIX_ENTER(OID, "pkix_pl_OID_Equals"); + PKIX_NULLCHECK_THREE(first, second, pResult); + + PKIX_CHECK(pkix_pl_OID_Comparator + (first, second, &cmpResult, plContext), + PKIX_OIDCOMPARATORFAILED); + diff --git a/SOURCES/nss-softokn-config.in b/SOURCES/nss-softokn-config.in new file mode 100644 index 0000000..c7abe29 --- /dev/null +++ b/SOURCES/nss-softokn-config.in @@ -0,0 +1,116 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-softokn` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-softokn` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + echo $libdirs +fi + diff --git a/SOURCES/nss-softokn-dracut-module-setup.sh b/SOURCES/nss-softokn-dracut-module-setup.sh new file mode 100644 index 0000000..010ec18 --- /dev/null +++ b/SOURCES/nss-softokn-dracut-module-setup.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +check() { + return 255 +} + +depends() { + return 0 +} + +install() { + local _dir + + inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \ + libfreebl3.so +} diff --git a/SOURCES/nss-softokn-dracut.conf b/SOURCES/nss-softokn-dracut.conf new file mode 100644 index 0000000..2d9232e --- /dev/null +++ b/SOURCES/nss-softokn-dracut.conf @@ -0,0 +1,3 @@ +# turn on nss-softokn module + +add_dracutmodules+=" nss-softokn " diff --git a/SOURCES/nss-softokn.pc.in b/SOURCES/nss-softokn.pc.in new file mode 100644 index 0000000..022ebbf --- /dev/null +++ b/SOURCES/nss-softokn.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS-SOFTOKN +Description: Network Security Services Softoken PKCS #11 Module +Version: %SOFTOKEN_VERSION% +Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% +Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 +Cflags: -I${includedir} diff --git a/SOURCES/nss-util-config.in b/SOURCES/nss-util-config.in new file mode 100644 index 0000000..532abbe --- /dev/null +++ b/SOURCES/nss-util-config.in @@ -0,0 +1,118 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-util` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-util` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-util` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/SOURCES/nss-util.pc.in b/SOURCES/nss-util.pc.in new file mode 100644 index 0000000..1310248 --- /dev/null +++ b/SOURCES/nss-util.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS-UTIL +Description: Network Security Services Utility Library +Version: %NSSUTIL_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -L${libdir} -lnssutil3 +Cflags: -I${includedir} diff --git a/SOURCES/nss.pc.in b/SOURCES/nss.pc.in new file mode 100644 index 0000000..69823cb --- /dev/null +++ b/SOURCES/nss.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS +Description: Network Security Services +Version: %NSS_VERSION% +Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% +Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 +Cflags: -I${includedir} diff --git a/SOURCES/pkcs11.txt.xml b/SOURCES/pkcs11.txt.xml new file mode 100644 index 0000000..d30e469 --- /dev/null +++ b/SOURCES/pkcs11.txt.xml @@ -0,0 +1,56 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + pkcs11.txt + 5 + + + + pkcs11.txt + NSS PKCS #11 module configuration file + + + + Description + +The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules. + + +For full documentation visit PKCS #11 Module Specs. + + + + + Files + /etc/pki/nssdb/pkcs11.txt + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/SOURCES/setup-nsssysinit.sh b/SOURCES/setup-nsssysinit.sh new file mode 100755 index 0000000..8e1f5f7 --- /dev/null +++ b/SOURCES/setup-nsssysinit.sh @@ -0,0 +1,68 @@ +#!/bin/sh +# +# Turns on or off the nss-sysinit module db by editing the +# global PKCS #11 congiguration file. Displays the status. +# +# This script can be invoked by the user as super user. +# It is invoked at nss-sysinit post install time with argument on. +# +usage() +{ + cat <&2 +fi + +# the system-wide configuration file +p11conf="/etc/pki/nssdb/pkcs11.txt" +# must exist, otherwise report it and exit with failure +if [ ! -f $p11conf ]; then + echo "Could not find ${p11conf}" + exit 1 +fi + +# check if nsssysinit is currently enabled or disabled +sysinit_enabled() +{ + grep -q '^library=libnsssysinit' ${p11conf} +} + +umask 022 +case "$1" in + on | ON ) + if sysinit_enabled; then + exit 0 + fi + cat ${p11conf} | \ + sed -e 's/^library=$/library=libnsssysinit.so/' \ + -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \ + ${p11conf}.on + mv ${p11conf}.on ${p11conf} + ;; + off | OFF ) + if ! sysinit_enabled; then + exit 0 + fi + cat ${p11conf} | \ + sed -e 's/^library=libnsssysinit.so/library=/' \ + -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \ + ${p11conf}.off + mv ${p11conf}.off ${p11conf} + ;; + status ) + echo -n 'NSS sysinit is ' + sysinit_enabled && echo 'enabled' || echo 'disabled' + ;; + * ) + usage 1 1>&2 + ;; +esac diff --git a/SOURCES/setup-nsssysinit.xml b/SOURCES/setup-nsssysinit.xml new file mode 100644 index 0000000..5b9827f --- /dev/null +++ b/SOURCES/setup-nsssysinit.xml @@ -0,0 +1,106 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + setup-nsssysinit + 1 + + + + setup-nsssysinit + Query or enable the nss-sysinit module + + + + + setup-nsssysinit + + + + + + + + Description + setup-nsssysinit is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. + Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on. + + + + + Options + + + + + Turn on nss-sysinit. + + + + + Turn on nss-sysinit. + + + + + returns whether nss-syinit is enabled or not. + + + + + + + Examples + + The following example will query for the status of nss-sysinit: + + /usr/bin/setup-nsssysinit status + + + + The following example, when run as superuser, will turn on nss-sysinit: + + /usr/bin/setup-nsssysinit on + + + + + + + Files + /usr/bin/setup-nsssysinit + + + + See also + pkg-config(1) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/SOURCES/system-pkcs11.txt b/SOURCES/system-pkcs11.txt new file mode 100644 index 0000000..c2f5704 --- /dev/null +++ b/SOURCES/system-pkcs11.txt @@ -0,0 +1,5 @@ +library=libnsssysinit.so +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/SPECS/nss.spec b/SPECS/nss.spec new file mode 100644 index 0000000..233909b --- /dev/null +++ b/SPECS/nss.spec @@ -0,0 +1,2892 @@ +%global nss_version 3.101.0 +%global nspr_version 4.35.0 +# NOTE: To avoid NVR clashes of nspr* packages: +# - reset %%{nspr_release} to 1, when updating %%{nspr_version} +# - increment %%{nspr_version}, when updating the NSS part only +%global baserelease 7 +%global nss_release %baserelease +# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when +# release number between nss and nspr are different. +%global nspr_release %[%baserelease+21] +# only need to update this as we added new +# algorithms under nss policy control +%global crypto_policies_version 20240522 +%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools +%global saved_files_dir %{_libdir}/nss/saved +%global dracutlibdir %{_prefix}/lib/dracut +%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/ +%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d + +%bcond_without tests +%bcond_with dbm + +# Produce .chk files for the final stripped binaries +# +# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links +# against the freebl that we just built. This is necessary +# because the signing algorithm changed on 3.14 to DSA2 with SHA256 +# whereas we previously signed with DSA and SHA1. We must Keep this line +# until all mock platforms have been updated. +# After %%{__os_install_post} we would add +# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \ + %{?with_dbm:$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so} \ +%{nil} + +# The upstream omits the trailing ".0", while we need it for +# consistency with the pkg-config version: +# https://bugzilla.redhat.com/show_bug.cgi?id=1578106 +%{lua: +rpm.define(string.format("nspr_archive_version %s", + string.gsub(rpm.expand("%nspr_version"), "(.*)%.0$", "%1"))) +} + +%{lua: +rpm.define(string.format("nss_archive_version %s", + string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1"))) +} + +%{lua: +rpm.define(string.format("nss_release_tag NSS_%s_RTM", + string.gsub(rpm.expand("%nss_archive_version"), "%.", "_"))) +} + +%global nss_nspr_archive nss-%{nss_archive_version}-with-nspr-%{nspr_archive_version} + +# This is taken from gnutls.spec +%define srpmhash() %{lua: +local files = rpm.expand("%_specdir/nss.spec") +for i, p in ipairs(patches) do + files = files.." "..p +end +for i, p in ipairs(sources) do + files = files.." "..p +end +local sha256sum = assert(io.popen("cat "..files.."| sha256sum")) +local hash = sha256sum:read("*a") +sha256sum:close() +print(string.sub(hash, 0, 16)) +} + +Summary: Network Security Services +Name: nss +Version: %{nss_version} +Release: %{nss_release}%{?dist} +License: MPL-2.0 +URL: http://www.mozilla.org/projects/security/pki/nss/ +Requires: nspr >= %{nspr_version} +Requires: nss-util >= %{nss_version} +# TODO: revert to same version as nss once we are done with the merge +Requires: nss-softokn%{_isa} >= %{nss_version} +Requires: nss-system-init +Requires: p11-kit-trust +Requires: crypto-policies >= %{crypto_policies_version} +# for shlibsign +BuildRequires: make +BuildRequires: nss-softokn +BuildRequires: sqlite-devel +BuildRequires: zlib-devel +BuildRequires: pkgconfig +BuildRequires: gawk +BuildRequires: psmisc +BuildRequires: perl-interpreter +BuildRequires: gcc-c++ + +Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{nss_nspr_archive}.tar.gz +Source1: nss-util.pc.in +Source2: nss-util-config.in +Source3: nss-softokn.pc.in +Source4: nss-softokn-config.in +Source6: nss-softokn-dracut-module-setup.sh +Source7: nss-softokn-dracut.conf +Source8: nss.pc.in +Source9: nss-config.in +%if %{with dbm} +Source10: blank-cert8.db +Source11: blank-key3.db +Source12: blank-secmod.db +%endif +Source13: blank-cert9.db +Source14: blank-key4.db +Source15: system-pkcs11.txt +Source16: setup-nsssysinit.sh +Source20: nss-config.xml +Source21: setup-nsssysinit.xml +Source22: pkcs11.txt.xml +Source24: cert9.db.xml +Source26: key4.db.xml +%if %{with dbm} +Source23: cert8.db.xml +Source25: key3.db.xml +Source27: secmod.db.xml +%endif +# fips algorithms are tied to the red hat validation, others +# will have their own validation +Source30: fips_algorithms.h + +Source101: nspr-config.xml + +# This patch uses the GCC -iquote option documented at +# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options +# to give the in-tree headers a higher priority over the system headers, +# when they are included through the quote form (#include "file.h"). +# +# This ensures a build even when system headers are older. Such is the +# case when starting an update with API changes or even private export +# changes. +# +# Once the buildroot has been bootstrapped the patch may be removed +# but it doesn't hurt to keep it. +Patch4: iquote.patch +Patch12: nss-signtool-format.patch +Patch20: nss-3.101-extend-db-dump-time.patch +Patch21: nss-3.101-enable-sdb-tests.patch + +# connect our shared library to the build root loader flags (needed for -relro) +Patch31: nss-dso-ldflags.patch +Patch32: nss-3.101-disable-md5.patch +# rhel10 disabled dbm by default +Patch33: nss-no-dbm-man-page.patch + +# not upstreamable patch... +Patch34: nss-3.71-fix-lto-gtests.patch +# camellia pkcs12 docs. +Patch35: nss-3.71-camellia-pkcs12-doc.patch +# disable ech +Patch36: nss-3.101-disable-ech.patch + +# patches that expect to be upstreamed +# https://bugzilla.mozilla.org/show_bug.cgi?id=1767883 +Patch50: nss-3.79-fips.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 +# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 +Patch51: nss-3.101-fips-review.patches +Patch52: nss-3.90-pbkdf2-indicator.patch +Patch53: nss-3.101-skip-ocsp-if-not-connected.patch + +# ems policy. needs to upstream +Patch60: nss-3.101-add-ems-policy.patch +Patch70: nss-3.90-fips-safe-memset.patch +Patch71: nss-3.101-fips-indicators.patch +Patch72: nss-3.90-aes-gmc-indicator.patch +Patch73: nss-3.90-fips-indicators2.patch +Patch74: nss-3.90-dh-test-update.patch +Patch75: nss-3.90-ppc_no_init.patch +Patch76: nss-3.101-enable-kyber-policy.patch +Patch77: nss-3.101-fix-rsa-policy-test.patch +Patch78: nss-3.101-fix-pkcs12-md5-decode.patch +Patch81: nss-3.101-fix-missing-size-checks.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 +Patch82: nss-3.101-chacha-timing-fix.patch +Patch83: nss-3.101-add-certificate-compression-test.patch +Patch84: nss-3.101-fix-pkcs12-pbkdf1-encoding.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=676100 +Patch85: nss-3.101-fix-cms-abi-break.patch +Patch86: nss-3.101-long-pwd-fix.patch +Patch87: nss-3.101-fix-cavs-test.patch + +# RHEL-10 specific +Patch90: nss-3.101-disable_dsa.patch + +# NSS reverse patches +Patch300: nss-3.79-distrusted-certs.patch + +Patch100: nspr-config-pc.patch +Patch101: nspr-gcc-atomics.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1769293 +Patch110: nspr-4.34-fix-coverity-loop-issue.patch +Patch120: nspr-4.34-server-passive.patch + +%description +Network Security Services (NSS) is a set of libraries designed to +support cross-platform development of security-enabled client and +server applications. Applications built with NSS can support SSL v2 +and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 +v3 certificates, and other security standards. + +%package tools +Summary: Tools for the Network Security Services +Requires: %{name}%{?_isa} = %{nss_version}-%{release} + +%description tools +Network Security Services (NSS) is a set of libraries designed to +support cross-platform development of security-enabled client and +server applications. Applications built with NSS can support SSL v2 +and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 +v3 certificates, and other security standards. + +Install the nss-tools package if you need command-line tools to +manipulate the NSS certificate and key database. + +%package sysinit +Summary: System NSS Initialization +# providing nss-system-init without version so that it can +# be replaced by a better one, e.g. supplied by the os vendor +Provides: nss-system-init +Requires: nss%{?_isa} = %{nss_version}-%{release} +Requires(post): coreutils, sed + +%description sysinit +Default Operating System module that manages applications loading +NSS globally on the system. This module loads the system defined +PKCS #11 modules for NSS and chains with other NSS modules to load +any system or user configured modules. + +%package devel +Summary: Development libraries for Network Security Services +Provides: nss-static = %{nss_version}-%{release} +Requires: nss%{?_isa} = %{nss_version}-%{release} +Requires: nss-util-devel +Requires: nss-softokn-devel +Requires: nspr-devel >= %{nspr_version} +Requires: pkgconfig +BuildRequires: xmlto + +%description devel +Header and Library files for doing development with Network Security Services. + + +%package pkcs11-devel +Summary: Development libraries for PKCS #11 (Cryptoki) using NSS +Provides: nss-pkcs11-devel-static = %{nss_version}-%{release} +Requires: nss-devel = %{nss_version}-%{release} +Requires: nss-softokn-freebl-devel = %{nss_version}-%{release} + +%description pkcs11-devel +Library files for developing PKCS #11 modules using basic NSS +low level services. + + +%package util +Summary: Network Security Services Utilities Library +Requires: nspr >= %{nspr_version} + +%description util +Utilities for Network Security Services and the Softoken module + +%package util-devel +Summary: Development libraries for Network Security Services Utilities +Requires: nss-util%{?_isa} = %{nss_version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: pkgconfig + +%description util-devel +Header and library files for doing development with Network Security Services. + + +%package softokn +Summary: Network Security Services Softoken Module +Requires: nspr >= %{nspr_version} +Requires: nss-util >= %{nss_version}-%{release} +Requires: nss-softokn-freebl%{_isa} >= %{nss_version}-%{release} + +%description softokn +Network Security Services Softoken Cryptographic Module + +%package softokn-freebl +Summary: Freebl library for the Network Security Services +# For PR_GetEnvSecure() from nspr >= 4.12 +Requires: nspr >= 4.12 +# For NSS_SecureMemcmpZero() from nss-util >= 3.33 +Requires: nss-util >= 3.33 +Conflicts: nss < 3.12.2.99.3-5 +Conflicts: filesystem < 3 + +%description softokn-freebl +NSS Softoken Cryptographic Module Freebl Library + +Install the nss-softokn-freebl package if you need the freebl library. + +%package softokn-freebl-devel +Summary: Header and Library files for doing development with the Freebl library for NSS +Provides: nss-softokn-freebl-static = %{nss_version}-%{release} +Requires: nss-softokn-freebl%{?_isa} = %{nss_version}-%{release} + +%description softokn-freebl-devel +NSS Softoken Cryptographic Module Freebl Library Development Tools +This package supports special needs of some PKCS #11 module developers and +is otherwise considered private to NSS. As such, the programming interfaces +may change and the usual NSS binary compatibility commitments do not apply. +Developers should rely only on the officially supported NSS public API. + +%package softokn-devel +Summary: Development libraries for Network Security Services +Requires: nss-softokn%{?_isa} = %{nss_version}-%{release} +Requires: nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: nss-util-devel >= %{nss_version}-%{release} +Requires: pkgconfig + +%description softokn-devel +Header and library files for doing development with Network Security Services. + +%package -n nspr +Summary: Netscape Portable Runtime +Version: %{nspr_version} +Release: %{nspr_release}%{?dist} +License: MPL-2.0 +URL: http://www.mozilla.org/projects/nspr/ +Conflicts: filesystem < 3 +BuildRequires: gcc + +%description -n nspr +NSPR provides platform independence for non-GUI operating system +facilities. These facilities include threads, thread synchronization, +normal file and network I/O, interval timing and calendar time, basic +memory management (malloc and free) and shared library linking. + +%package -n nspr-devel +Summary: Development libraries for the Netscape Portable Runtime +Version: %{nspr_version} +Release: %{nspr_release}%{?dist} +Requires: nspr%{?_isa} = %{nspr_version}-%{nspr_release}%{?dist} +Requires: pkgconfig +BuildRequires: xmlto +Conflicts: filesystem < 3 + +%description -n nspr-devel +Header files for doing development with the Netscape Portable Runtime. + +%prep +%setup -q -T -b 0 -n %{name}-%{nss_archive_version} +cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in + +%patch -P 100 -p0 -b .flags +pushd nspr +%autopatch -p 1 -m 101 -M 299 +popd + +pushd nss +%autopatch -p1 -M 99 +# sigh it would be nice if autopatch supported -R +%patch -P 300 -R -p 1 +popd + +# copy the fips_algorithms.h for this release +# this file is release specific and matches what +# each vendors claim in their own FIPS certification +cp %{SOURCE30} nss/lib/softoken/ + +# https://bugzilla.redhat.com/show_bug.cgi?id=1247353 +find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \; + + +%build +# Build, check, and install NSPR for building NSS in the later phase +# +# TODO: This phase can be done by the NSS build process if we switch +# to using "make nss_build_all". For now, however, we need some +# adjustment in the NSS build process. +mkdir -p nspr_build +pushd nspr_build +../nspr/configure \ + --prefix=%{_prefix} \ + --libdir=%{_libdir} \ + --includedir=%{_includedir}/nspr4 \ + --with-dist-prefix=$PWD/../dist \ +%ifnarch noarch +%if 0%{__isa_bits} == 64 + --enable-64bit \ +%endif +%endif +%ifarch armv7l armv7hl armv7nhl + --enable-thumb2 \ +%endif + --enable-optimize="$RPM_OPT_FLAGS" \ + --disable-debug + +# The assembly files are only for legacy atomics, to which we prefer GCC atomics +%ifarch i686 x86_64 +sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk +%endif +make + +date +"%e %B %Y" | tr -d '\n' > date.xml +echo -n %{nspr_version} > version.xml + +for m in %{SOURCE101}; do + cp ${m} . +done +for m in nspr-config.xml; do + xmlto man ${m} +done +popd + +# Build NSS +# +# This package fails its testsuite with LTO. Disable LTO for now +#%%global _lto_cflags %%{nil} + +#export FREEBL_NO_DEPEND=1 + +# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets +# copied to dist and the rpm install phase can find it +# This due of the upstream changes to fix +# https://bugzilla.mozilla.org/show_bug.cgi?id=717906 +# export FREEBL_LOWHASH=1 + +# uncomment if the iquote patch is activated +export IN_TREE_FREEBL_HEADERS_FIRST=1 + +# deprication +export NSS_DISABLE_DEPRECATED_SEED=1 +export NSS_DISABLE_DSA=1 + +# FIPS related defines +export NSS_FORCE_FIPS=1 +export NSS_FIPS_VERSION="%{name}\ %{nss_version}-%{srpmhash}" +eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release | sed -e 's/ /\\ /g') +export FIPS_MODULE_OS="$OS_NAME\ ${OS_VERSION_ID%%.*}" +export NSS_FIPS_MODULE_ID="${FIPS_MODULE_OS}\ ${NSS_FIPS_VERSION}" +# remove when the infrastructure is fixed +export NSS_FIPS_140_3=1 +export NSS_ENABLE_FIPS_INDICATORS=1 + +# Enable compiler optimizations and disable debugging code +export BUILD_OPT=1 + +# Uncomment to disable optimizations +#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` +#export RPM_OPT_FLAGS + +# Generate symbolic info for debuggers +export XCFLAGS=$RPM_OPT_FLAGS + +# Work around false-positive warnings with gcc 10: +# https://bugzilla.redhat.com/show_bug.cgi?id=1803029 +%ifarch s390x +export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized" +%endif + +# Similarly, but for gcc-11 +export XCFLAGS="$XCFLAGS -Wno-array-parameter" + +export LDFLAGS=$RPM_LD_FLAGS + +export DSO_LDFLAGS=$RPM_LD_FLAGS + +export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 +export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + +export NSPR_INCLUDE_DIR=$PWD/dist/include/nspr +export NSPR_LIB_DIR=$PWD/dist/lib + +export NSS_USE_SYSTEM_SQLITE=1 + +export NSS_ALLOW_SSLKEYLOGFILE=1 + +export NSS_SEED_ONLY_DEV_URANDOM=1 + +%if %{with dbm} +%else +export NSS_DISABLE_DBM=1 +%endif + +%ifnarch noarch +%if 0%{__isa_bits} == 64 +export USE_64=1 +%endif +%endif + +# Set the policy file location +# if set NSS will always check for the policy file and load if it exists +export POLICY_FILE="nss.config" +# location of the policy file +export POLICY_PATH="/etc/crypto-policies/back-ends" + + +%{__make} -C ./nss all +%{__make} -C ./nss latest + +# build the man pages clean +pushd ./nss +%{__make} clean_docs build_docs +popd + +# and copy them to the dist directory for %%install to find them +mkdir -p ./dist/docs/nroff +cp ./nss/doc/nroff/* ./dist/docs/nroff + +# Set up our package files +mkdir -p ./dist/pkgconfig + +cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" > \ + ./dist/pkgconfig/nss-util.pc + +NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` +NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'` +NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` + +cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \ + > ./dist/pkgconfig/nss-util-config + +chmod 755 ./dist/pkgconfig/nss-util-config + +cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{nss_version},g" > \ + ./dist/pkgconfig/nss-softokn.pc + +SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` +SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` +SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` + +cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \ + > ./dist/pkgconfig/nss-softokn-config + +chmod 755 ./dist/pkgconfig/nss-softokn-config + +cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSS_VERSION%%,%{nss_version},g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{nss_version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{nss_version},g" > \ + ./dist/pkgconfig/nss.pc + +NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` +NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` + +cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ + > ./dist/pkgconfig/nss-config + +chmod 755 ./dist/pkgconfig/nss-config + +cat %{SOURCE16} > ./dist/pkgconfig/setup-nsssysinit.sh +chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh + +cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/ + +date +"%e %B %Y" | tr -d '\n' > date.xml +echo -n %{nss_version} > version.xml + +# configuration files and setup script +%if %{with dbm} +%global XMLSOURCES %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27} +%global dbfiles cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt +%else +%global XMLSOURCES %{SOURCE22} %{SOURCE24} %{SOURCE26} +%global dbfiles cert9.db key4.db pkcs11.txt +%endif +for m in %{SOURCE20} %{SOURCE21} %{XMLSOURCES}; do + cp ${m} . +done +%global configFiles nss-config setup-nsssysinit +for m in %{configFiles} %{dbfiles}; do + xmlto man ${m}.xml +done + + +%check +%if %{with tests} +pushd nspr_build +# Run test suite. +perl ../nspr/pr/tests/runtests.pl 2>&1 | tee output.log + +TEST_FAILURES=`grep -c FAILED ./output.log` || : +if [ $TEST_FAILURES -ne 0 ]; then + echo "error: test suite returned failure(s)" + exit 1 +fi +echo "test suite completed" +popd +%endif + +%if %{with tests} +# Begin -- copied from the build section + +export FREEBL_NO_DEPEND=1 + +export BUILD_OPT=1 +export NSS_DISABLE_PPC_GHASH=1 +export NSS_DISABLE_DEPRECATED_SEED=1 +export NSS_DISABLE_DSA=1 + +%ifnarch noarch +%if 0%{__isa_bits} == 64 +export USE_64=1 +%endif +%endif + +# End -- copied from the build section + +# copy the nspr libraries into the NSS object directory so we use the +# newly compiled nspr binaries in our test rather than the build root +# versions +export LOBJDIR=`make -s -C ./nss/tests/common objdir_name` +for i in ./dist/lib/*.so +do + cp $i ./dist/${LOBJDIR}/lib +done + +# This is necessary because the test suite tests algorithms that are +# disabled by the system policy. +export NSS_IGNORE_SYSTEM_POLICY=1 + +# enable the following line to force a test failure +# find ./nss -name \*.chk | xargs rm -f + +# Run test suite. +# In order to support multiple concurrent executions of the test suite +# (caused by concurrent RPM builds) on a single host, +# we'll use a random port. Also, we want to clean up any stuck +# selfserv processes. If process name "selfserv" is used everywhere, +# we can't simply do a "killall selfserv", because it could disturb +# concurrent builds. Therefore we'll do a search and replace and use +# a different process name. +# Using xargs doesn't mix well with spaces in filenames, in order to +# avoid weird quoting we'll require that no spaces are being used. + +SPACEISBAD=`find ./nss/tests | grep -c ' '` ||: +if [ $SPACEISBAD -ne 0 ]; then + echo "error: filenames containing space are not supported (xargs)" + exit 1 +fi +export MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND +export RANDSERV=selfserv_${MYRAND}; echo $RANDSERV +export DISTBINDIR=./dist/${LOBJDIR}/bin +pushd "$DISTBINDIR" +ln -s selfserv $RANDSERV +popd +# man perlrun, man perlrequick +# replace word-occurrences of selfserv with selfserv_$MYRAND +find ./nss/tests -type f |\ + grep -v "\.db$" |grep -v "\.crl$" | grep -v "\.crt$" |\ + grep -vw CVS |xargs grep -lw selfserv |\ + xargs -l perl -pi -e "s/\bselfserv\b/$RANDSERV/g" ||: + +killall $RANDSERV || : + +rm -rf ./tests_results +pushd nss/tests +# all.sh is the test suite script + +# don't need to run all the tests when testing packaging +# nss_cycles: standard pkix upgradedb sharedb +# the full list from all.sh is: +# "cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests" +%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests" +# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr policy +# nss_ssl_run: cov auth stapling stress +# +# Uncomment these lines if you need to temporarily +# disable some test suites for faster test builds +# % define nss_ssl_tests "normal_fips" +# % define nss_ssl_run "cov" + +HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh +popd + +killall $RANDSERV || : +%endif + +%install + +pushd nspr_build +make install DESTDIR=$RPM_BUILD_ROOT + +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig + +# Get rid of the things we don't want installed (per upstream) +rm -rf \ + $RPM_BUILD_ROOT/%{_bindir}/compile-et.pl \ + $RPM_BUILD_ROOT/%{_bindir}/prerr.properties \ + $RPM_BUILD_ROOT/%{_libdir}/libnspr4.a \ + $RPM_BUILD_ROOT/%{_libdir}/libplc4.a \ + $RPM_BUILD_ROOT/%{_libdir}/libplds4.a \ + $RPM_BUILD_ROOT/%{_datadir}/aclocal/nspr.m4 \ + $RPM_BUILD_ROOT/%{_includedir}/nspr4/md + +for f in nspr-config; do + install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 +done +popd + +# Begin -- copied from the build section +# this is needed to make sure LOBJDIR is correct + +export FREEBL_NO_DEPEND=1 + +export BUILD_OPT=1 +export NSS_DISABLE_PPC_GHASH=1 + +%ifnarch noarch +%if 0%{__isa_bits} == 64 +export USE_64=1 +%endif +%endif + +# End -- copied from the build section + +# get the objdir value from the test make file +export LOBJDIR=`make -s -C ./nss/tests/common objdir_name` + +# There is no make install target so we'll do it ourselves. + +mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3 +mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3/templates +mkdir -p $RPM_BUILD_ROOT/%{_bindir} +mkdir -p $RPM_BUILD_ROOT/%{_libdir} +mkdir -p $RPM_BUILD_ROOT/%{unsupported_tools_directory} +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +mkdir -p $RPM_BUILD_ROOT/%{saved_files_dir} +mkdir -p $RPM_BUILD_ROOT/%{dracut_modules_dir} +mkdir -p $RPM_BUILD_ROOT/%{dracut_conf_dir} +%if %{defined rhel} +# not needed for rhel and its derivatives only fedora +%else +# because of the pp.1 conflict with perl-PAR-Packer +mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools +%endif + +install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf + +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5 + +# Copy the binary libraries we want +for file in libnssutil3.so libsoftokn3.so %{?with_dbm:libnssdbm3.so} libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so +do + install -p -m 755 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Install the empty NSS db files +# Legacy db +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb +%if %{with dbm} +install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db +install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db +install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db +%endif +# Shared db +install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db +install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db +install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt + +# Copy the development libraries we want +for file in libcrmf.a libnssb.a libnssckfw.a +do + install -p -m 644 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Copy the binaries we want +for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap +do + install -p -m 755 dist/${LOBJDIR}/bin/$file $RPM_BUILD_ROOT/%{_bindir} +done + +# Copy the binaries we ship as unsupported +for file in bltest dbtool ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt validation vfyserv vfychain +do + install -p -m 755 dist/${LOBJDIR}/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} +done + +# Copy the include files we want +for file in dist/public/nss/*.h +do + install -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done + +# Copy some freebl include files we also want +for file in blapi.h alghmac.h cmac.h +do + install -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done + +# Copy the static freebl library +for file in libfreebl.a +do +install -p -m 644 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Copy the template files we want +for file in dist/private/nss/templates.c dist/private/nss/nssck.api +do + install -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates +done + +# Copy the package configuration files +install -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc +install -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config +install -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc +install -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config +install -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc +install -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config +# Copy the pkcs #11 configuration script +install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh +# install a symbolic link to it, without the ".sh" suffix, +# that matches the man page documentation +ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit + +# Copy the man pages for scripts +for f in %{configFiles}; do + install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 +done +# Copy the man pages for the nss tools +for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do + install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 +done +%if %{defined rhel} +install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1 +%else +install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools/pp.1 +%endif + +# Copy the man pages for the nss databases +for f in %{dbfiles}; do + install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5 +done + +%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3 +# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet +# from previous versions of nss.spec +/usr/bin/setup-nsssysinit.sh on + +%post +%if %{with dbm} +%else +# Upon upgrade, ensure that the existing database locations are migrated to SQL +# database. +if test $1 -eq 2; then + for dbdir in %{_sysconfdir}/pki/nssdb; do + if test ! -e ${dbdir}/pkcs11.txt; then + /usr/bin/certutil --merge -d ${dbdir} --source-dir ${dbdir} + fi + done +fi +%endif + + +%files +%{!?_licensedir:%global license %%doc} +%license nss/COPYING +%{_libdir}/libnss3.so +%{_libdir}/libssl3.so +%{_libdir}/libsmime3.so +%dir %{_sysconfdir}/pki/nssdb +%if %{with dbm} +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db +%endif +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt +%if %{with dbm} +%doc %{_mandir}/man5/cert8.db.5* +%doc %{_mandir}/man5/key3.db.5* +%doc %{_mandir}/man5/secmod.db.5* +%endif +%doc %{_mandir}/man5/cert9.db.5* +%doc %{_mandir}/man5/key4.db.5* +%doc %{_mandir}/man5/pkcs11.txt.5* + +%files sysinit +%{_libdir}/libnsssysinit.so +%{_bindir}/setup-nsssysinit.sh +# symbolic link to setup-nsssysinit.sh +%{_bindir}/setup-nsssysinit +%doc %{_mandir}/man1/setup-nsssysinit.1* + +%files tools +%{_bindir}/certutil +%{_bindir}/cmsutil +%{_bindir}/crlutil +%{_bindir}/modutil +%{_bindir}/nss-policy-check +%{_bindir}/pk12util +%{_bindir}/signver +%{_bindir}/ssltap +%{unsupported_tools_directory}/atob +%{unsupported_tools_directory}/btoa +%{unsupported_tools_directory}/derdump +%{unsupported_tools_directory}/listsuites +%{unsupported_tools_directory}/ocspclnt +%{unsupported_tools_directory}/pp +%{unsupported_tools_directory}/selfserv +%{unsupported_tools_directory}/signtool +%{unsupported_tools_directory}/strsclnt +%{unsupported_tools_directory}/symkeyutil +%{unsupported_tools_directory}/tstclnt +%{unsupported_tools_directory}/validation +%{unsupported_tools_directory}/vfyserv +%{unsupported_tools_directory}/vfychain +# instead of %%{_mandir}/man*/* let's list them explicitly +# supported tools +%doc %{_mandir}/man1/certutil.1* +%doc %{_mandir}/man1/cmsutil.1* +%doc %{_mandir}/man1/crlutil.1* +%doc %{_mandir}/man1/modutil.1* +%doc %{_mandir}/man1/pk12util.1* +%doc %{_mandir}/man1/signver.1* +# unsupported tools +%doc %{_mandir}/man1/derdump.1* +%doc %{_mandir}/man1/signtool.1* +%if %{defined rhel} +%doc %{_mandir}/man1/pp.1* +%else +%dir %{_datadir}/doc/nss-tools +%doc %{_datadir}/doc/nss-tools/pp.1 +%endif +%doc %{_mandir}/man1/ssltap.1* +%doc %{_mandir}/man1/vfychain.1* +%doc %{_mandir}/man1/vfyserv.1* + +%files devel +%{_libdir}/libcrmf.a +%{_libdir}/pkgconfig/nss.pc +%{_bindir}/nss-config +%doc %{_mandir}/man1/nss-config.1* + +%dir %{_includedir}/nss3 +%{_includedir}/nss3/cert.h +%{_includedir}/nss3/certdb.h +%{_includedir}/nss3/certt.h +%{_includedir}/nss3/cmmf.h +%{_includedir}/nss3/cmmft.h +%{_includedir}/nss3/cms.h +%{_includedir}/nss3/cmsreclist.h +%{_includedir}/nss3/cmst.h +%{_includedir}/nss3/crmf.h +%{_includedir}/nss3/crmft.h +%{_includedir}/nss3/cryptohi.h +%{_includedir}/nss3/cryptoht.h +%{_includedir}/nss3/jar-ds.h +%{_includedir}/nss3/jar.h +%{_includedir}/nss3/jarfile.h +%{_includedir}/nss3/key.h +%{_includedir}/nss3/keyhi.h +%{_includedir}/nss3/keyt.h +%{_includedir}/nss3/keythi.h +%{_includedir}/nss3/nss.h +%{_includedir}/nss3/nssckbi.h +%{_includedir}/nss3/ocsp.h +%{_includedir}/nss3/ocspt.h +%{_includedir}/nss3/p12.h +%{_includedir}/nss3/p12plcy.h +%{_includedir}/nss3/p12t.h +%{_includedir}/nss3/pk11func.h +%{_includedir}/nss3/pk11hpke.h +%{_includedir}/nss3/pk11pqg.h +%{_includedir}/nss3/pk11priv.h +%{_includedir}/nss3/pk11pub.h +%{_includedir}/nss3/pk11sdr.h +%{_includedir}/nss3/pkcs12.h +%{_includedir}/nss3/pkcs12t.h +%{_includedir}/nss3/pkcs7t.h +%{_includedir}/nss3/preenc.h +%{_includedir}/nss3/sechash.h +%{_includedir}/nss3/secmime.h +%{_includedir}/nss3/secmod.h +%{_includedir}/nss3/secmodt.h +%{_includedir}/nss3/secpkcs5.h +%{_includedir}/nss3/secpkcs7.h +%{_includedir}/nss3/smime.h +%{_includedir}/nss3/ssl.h +%{_includedir}/nss3/sslerr.h +%{_includedir}/nss3/sslexp.h +%{_includedir}/nss3/sslproto.h +%{_includedir}/nss3/sslt.h + +%files pkcs11-devel +%{_includedir}/nss3/nssbase.h +%{_includedir}/nss3/nssbaset.h +%{_includedir}/nss3/nssckepv.h +%{_includedir}/nss3/nssckft.h +%{_includedir}/nss3/nssckfw.h +%{_includedir}/nss3/nssckfwc.h +%{_includedir}/nss3/nssckfwt.h +%{_includedir}/nss3/nssckg.h +%{_includedir}/nss3/nssckmdt.h +%{_includedir}/nss3/nssckt.h +%{_includedir}/nss3/templates/nssck.api +%{_libdir}/libnssb.a +%{_libdir}/libnssckfw.a + +%files util +%{!?_licensedir:%global license %%doc} +%license nss/COPYING +%{_libdir}/libnssutil3.so + +%files util-devel +# package configuration files +%{_libdir}/pkgconfig/nss-util.pc +%{_bindir}/nss-util-config + +# co-owned with nss +%dir %{_includedir}/nss3 +# these are marked as public export in nss/lib/util/manifest.mk +%{_includedir}/nss3/base64.h +%{_includedir}/nss3/ciferfam.h +%{_includedir}/nss3/eccutil.h +%{_includedir}/nss3/kyber.h +%{_includedir}/nss3/hasht.h +%{_includedir}/nss3/nssb64.h +%{_includedir}/nss3/nssb64t.h +%{_includedir}/nss3/nsshash.h +%{_includedir}/nss3/nssilock.h +%{_includedir}/nss3/nssilckt.h +%{_includedir}/nss3/nsslocks.h +%{_includedir}/nss3/nssrwlk.h +%{_includedir}/nss3/nssrwlkt.h +%{_includedir}/nss3/nssutil.h +%{_includedir}/nss3/pkcs11.h +%{_includedir}/nss3/pkcs11f.h +%{_includedir}/nss3/pkcs11n.h +%{_includedir}/nss3/pkcs11p.h +%{_includedir}/nss3/pkcs11t.h +%{_includedir}/nss3/pkcs11u.h +%{_includedir}/nss3/pkcs11uri.h +%{_includedir}/nss3/pkcs1sig.h +%{_includedir}/nss3/portreg.h +%{_includedir}/nss3/secasn1.h +%{_includedir}/nss3/secasn1t.h +%{_includedir}/nss3/seccomon.h +%{_includedir}/nss3/secder.h +%{_includedir}/nss3/secdert.h +%{_includedir}/nss3/secdig.h +%{_includedir}/nss3/secdigt.h +%{_includedir}/nss3/secerr.h +%{_includedir}/nss3/secitem.h +%{_includedir}/nss3/secoid.h +%{_includedir}/nss3/secoidt.h +%{_includedir}/nss3/secport.h +%{_includedir}/nss3/utilmodt.h +%{_includedir}/nss3/utilpars.h +%{_includedir}/nss3/utilparst.h +%{_includedir}/nss3/utilrename.h +%{_includedir}/nss3/templates/templates.c + +%files softokn +%if %{with dbm} +%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.chk +%endif +%{_libdir}/libsoftokn3.so +%{_libdir}/libsoftokn3.chk +# shared with nss-tools +%dir %{_libdir}/nss +%dir %{saved_files_dir} +%dir %{unsupported_tools_directory} +%{unsupported_tools_directory}/bltest +%{unsupported_tools_directory}/dbtool +%{unsupported_tools_directory}/ecperf +%{unsupported_tools_directory}/fbectest +%{unsupported_tools_directory}/fipstest +%{unsupported_tools_directory}/shlibsign + +%files softokn-freebl +%{!?_licensedir:%global license %%doc} +%license nss/COPYING +%{_libdir}/libfreebl3.so +%{_libdir}/libfreebl3.chk +%{_libdir}/libfreeblpriv3.so +%{_libdir}/libfreeblpriv3.chk +#shared +%dir %{dracut_modules_dir} +%{dracut_modules_dir}/module-setup.sh +%{dracut_conf_dir}/50-nss-softokn.conf + +%files softokn-freebl-devel +%{_libdir}/libfreebl.a +%{_includedir}/nss3/alghmac.h +%{_includedir}/nss3/blapi.h +%{_includedir}/nss3/blapit.h +%{_includedir}/nss3/cmac.h +%{_includedir}/nss3/lowkeyi.h +%{_includedir}/nss3/lowkeyti.h + +%files softokn-devel +%{_libdir}/pkgconfig/nss-softokn.pc +%{_bindir}/nss-softokn-config + +# co-owned with nss +%dir %{_includedir}/nss3 +# +# The following headers are those exported public in +# nss/lib/freebl/manifest.mn and +# nss/lib/softoken/manifest.mn +# +# The following list is short because many headers, such as +# the pkcs #11 ones, have been provided by nss-util-devel +# which installed them before us. +# +%{_includedir}/nss3/ecl-exp.h +%{_includedir}/nss3/nsslowhash.h +%{_includedir}/nss3/shsign.h + +%files -n nspr +%{!?_licensedir:%global license %%doc} +%license nspr/LICENSE +%{_libdir}/libnspr4.so +%{_libdir}/libplc4.so +%{_libdir}/libplds4.so + +%files -n nspr-devel +%{_includedir}/nspr4 +%{_libdir}/pkgconfig/nspr.pc +%{_bindir}/nspr-config +%doc %{_mandir}/man1/nspr-config.* + + +%changelog +* Wed Sep 4 2024 Bob Relyea - 3.101.0-7 +- fix cms abi breakage +- fix long password issue on pbmac encodings + +* Thu Aug 1 2024 Bob Relyea - 3.101.0-6 +- fix param encoding in pkcs12 pbamac encoding +- add support for certificate compression in selfserv and tstclient + +* Wed Jul 24 2024 Bob Relyea - 3.101.0-5 +- Fix missing and inaccurate key length checks +- Fix chacha timing issue + +* Thu Jul 18 2024 Bob Relyea - 3.101.0-4 +- Fix MD-5 decode issue in pkcs #12 + +* Mon Jul 15 2024 Bob Relyea - 3.101.0-3 +- Add FIPS 140-3 defines to sec file + +* Fri Jul 12 2024 Bob Relyea - 3.101.0-2 +- Fix spec to deal with annocheck failures + +* Tue Jun 25 2024 Bob Relyea - 3.101.0-1 +- Update NSS to 3.101.0 +- Pick up RHEL FIPS and other patches +- Turn off SEED and DSA + +* Mon Jun 24 2024 Troy Dawson - 3.97.0-2 +- Bump release for June 2024 mass rebuild + +* Sun Jan 28 2024 Frantisek Krenzelok - 3.97.0-1 +- Update NSS to 3.97.0 + +* Thu Jan 25 2024 Fedora Release Engineering - 3.96.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 3.96.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Dec 21 2023 Frantisek Krenzelok - 3.96.1-1 +- Update NSS to 3.96.1 + +* Mon Nov 27 2023 Frantisek Krenzelok - 3.95.0-1 +- Update NSS to 3.95.0 + +* Wed Oct 25 2023 Frantisek Krenzelok - 3.94.0-2 +- revert HACL 256 code to fix binary compatibility issue. + +* Wed Oct 4 2023 Frantisek Krenzelok - 3.94.0-1 +- Update NSS to 3.94.0 + +* Thu Sep 07 2023 Bob Relyea - 3.93.0-2 +- Update License field to SPDX. + +* Thu Aug 31 2023 Frantisek Krenzelok - 3.93.0-1 +- Update NSS to 3.93.0 + +* Tue Aug 1 2023 Frantisek Krenzelok - 3.92.0-1 +- Update NSS to 3.92.0 + +* Thu Jul 20 2023 Fedora Release Engineering - 3.91.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 4 2023 Frantisek Krenzelok - 3.91.0-1 +- Update NSS to 3.91.0 + +* Tue Jun 6 2023 Frantisek Krenzelok - 3.90.0-1 +- Add patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 & + https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 + +* Mon Jun 5 2023 Frantisek Krenzelok - 3.90.0-1 +- Update %%patch syntax + +* Mon Jun 5 2023 Frantisek Krenzelok - 3.90.0-1 +- Update NSS to 3.90.0 + +* Fri May 5 2023 Frantisek Krenzelok - 3.89.0-1 +- combine nss and nspr source togeather + +* Fri May 5 2023 Frantisek Krenzelok - 3.89.0-1 +- replace %{version} with %{nss_version} as it version can be overiden. + +* Fri Mar 10 2023 Frantisek Krenzelok - 3.89.0-1 +- Update NSS to 3.89.0 + +* Fri Feb 10 2023 Frantisek Krenzelok - 3.88.1-1 +- Update NSS to 3.88.1 + +* Tue Jan 24 2023 Bob Relyea - 3.87.0-2 +- Fix rebuild errors + +* Thu Jan 19 2023 Fedora Release Engineering - 3.87.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 10 2023 Frantisek Krenzelok - 3.87.0-1 +- Update NSS to 3.87 & remove unused patches + +* Thu Nov 17 2022 Bob Relyea - 3.85.0-1 +- update to NSS 3.83 + +* Fri Sep 9 2022 Bob Relyea - 3.83.0-1 +- update to NSS 3.83 +- update to NSPR 4.35 + +* Fri Sep 9 2022 Bob Relyea - 3.81.0-2 +- add dbtool + +* Thu Jul 21 2022 Bob Relyea - 3.81.0-1 +- udpate to NSS 3.81 + +* Thu Jun 16 2022 Bob Relyea - 3.79.0-2 +- Fix crash when getting client cert and there is none in the database. + +* Tue May 31 2022 Bob Relyea - 3.79.0-1 +- Update to NSS 3.79 +- Update to NSPR 4.34 + +* Mon Apr 4 2022 Bob Relyea - 3.77.0-1 +- Update to 3.77 + +* Fri Feb 4 2022 Bob Relyea - 3.75.0-1 +- Update to 3.75 +- fix PayPal expiration issue + +* Thu Jan 20 2022 Fedora Release Engineering - 3.73.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Dec 1 2021 Bob Relyea - 3.73.0-1 +- Update to 3.73 +- includes CVE 2021-43527 + +* Mon Oct 4 2021 Bob Relyea - 3.71.0-1 +- Update to 3.71 + +* Tue Aug 10 2021 Bob Relyea - 3.69.0-2 +- turn on lto + +* Tue Aug 10 2021 Bob Relyea - 3.69.0-1 +- Update to 3.69 +- Update to NSPR 4.31 + +* Tue Jul 27 2021 Bob Relyea - 3.67.0-4 +- switch to baserelease so rpmdev-bumpspec will work next time + +* Tue Jul 27 2021 Bob Relyea - 3.67.0-3 +- rpmdev-bumpspec doesn't work correctly with nss/nspr. Fixup version numbers + +* Thu Jul 22 2021 Fedora Release Engineering - 3.67.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 23 2021 Bob Relyea - 3.67.0-1 +- Update to 3.67 +- Update to NSPR 2.31 + +* Tue Mar 23 2021 Bob Relyea - 3.65.0-1 +- Update to 3.65 +- update nss-tools manages to remove references to dbm + +* Tue Mar 23 2021 Bob Relyea - 3.63.0-1 +- Update to 3.63 +- Update to NSPR 2.30 +- Remove old dbm files and man pages + +* Tue Feb 23 2021 Bob Relyea - 3.62.0-1 +- Update to 3.62 + +* Mon Feb 01 2021 Kalev Lember - 3.60.1-5 +- Rebuild to fix broken nspr dependencies + +* Tue Jan 26 2021 Fedora Release Engineering - 3.60.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 22 2021 Bob Relyea - 3.60.1-2 +- Update nspr release number + +* Fri Jan 22 2021 Bob Relyea - 3.60.1-2 +- Update requires so that we get the correct crypto policies + (or all RSA and ECDSA signatures wil fail) + +* Thu Jan 21 2021 Bob Relyea - 3.60.1-1 +- Update to NSS 3.60.1 +- Drop NODEPEND_FREEBL and LOWHASH + +* Fri Dec 11 2020 Bob Relyea - 3.59.0-2 +- Work around btrfs/sqlite bug +- Disable new policy entries until crypto-polices has been updated + +* Thu Dec 10 2020 Daiki Ueno - 3.59.0-1 +- Update to NSS 3.59 +- Remove unused quilt BR + +* Sat Nov 7 2020 Daiki Ueno - 3.58.0-8 +- Replace %%{version} references in %%build with %%{nss_version}, suggested by Dmitry Butskoy in bz#1895447 + +* Fri Oct 30 2020 Daiki Ueno - 3.58.0-7 +- Use the lockstep release numbering for both nspr and nss + +* Thu Oct 29 2020 Jeff Law - 3.58.0-6 +- Disable -Warray-parameter warning for gcc-11 + +* Tue Oct 27 2020 Daiki Ueno - 3.58.0-5 +- Consolidate NSPR package with this package + +* Mon Oct 26 2020 Bob Relyea - 3.58.0-4 +- fix pkix ocsp to tolerate OCSP checking on intermediates + when the root is signed by sha1 and sha1 is disabled by + policy + +* Mon Oct 26 2020 Daiki Ueno - 3.58.0-3 +- Revert the last change, always tolerate the first CCS in TLS 1.3 + +* Thu Oct 22 2020 Daiki Ueno - 3.58.0-2 +- Enable TLS 1.3 middlebox compatibility mode by default + +* Tue Oct 20 2020 Daiki Ueno - 3.58.0-1 +- Update to NSS 3.58 + +* Sat Sep 19 2020 Daiki Ueno - 3.57.0-1 +- Update to NSS 3.57 + +* Mon Aug 24 2020 Daiki Ueno - 3.56.0-1 +- Update to NSS 3.56 + +* Thu Aug 13 2020 Daiki Ueno - 3.55.0-3 +- Fix DBM backend disablement +- Add scriptlet to auto-migrated known database locations + +* Sat Aug 8 2020 Daiki Ueno - 3.55.0-2 +- Disable LTO + +* Sun Aug 2 2020 Daiki Ueno - 3.55.0-1 +- Update to NSS 3.55 +- Disable building DBM backend + +* Sat Aug 01 2020 Fedora Release Engineering - 3.54.0-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3.54.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 15 2020 Daiki Ueno - 3.54.0-1 +- Update to NSS 3.54 + +* Thu Jun 4 2020 Bob Relyea - 3.53.0-2 +- Fix non-strict prototype in pk11pub.h + +* Mon Jun 1 2020 Daiki Ueno - 3.53.0-1 +- Update to NSS 3.53 + +* Wed May 13 2020 Bob Relyea - 3.52.0-2 +- Delay CK_GCM_PARAMS semantics until fedora 34 + +* Mon May 11 2020 Daiki Ueno - 3.52.0-1 +- Update to NSS 3.52 + +* Sat Apr 25 2020 Daiki Ueno - 3.51.1-2 +- Temporarily revert DBM disablement for kernel build failure (#1827902) + +* Mon Apr 20 2020 Daiki Ueno - 3.51.1-1 +- Update to NSS 3.51.1 +- Disable building DBM backend + +* Tue Apr 7 2020 Daiki Ueno - 3.51.0-1 +- Update to NSS 3.51 + +* Thu Mar 26 2020 Tom Stellard - 3.50.0-3 +- Use __make macro to invoke make + +* Thu Mar 5 2020 Daiki Ueno - 3.50.0-2 +- Apply CMAC fixes from upstream + +* Mon Feb 17 2020 Daiki Ueno - 3.50.0-1 +- Update to NSS 3.50 + +* Fri Feb 14 2020 Daiki Ueno - 3.49.2-3 +- Ignore false-positive compiler warnings with gcc 10 +- Fix build with gcc 10 + +* Wed Jan 29 2020 Fedora Release Engineering - 3.49.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 27 2020 Daiki Ueno - 3.49.2-1 +- Update to NSS 3.49.2 +- Don't enable TLS 1.3 by default (#1794814) + +* Fri Jan 10 2020 Daiki Ueno - 3.49.0-1 +- Update to NSS 3.49 +- Fix build on armv7hl with the patch proposed in upstream + +* Fri Jan 3 2020 Daiki Ueno - 3.48.0-1 +- Update to NSS 3.48 + +* Tue Dec 3 2019 Daiki Ueno - 3.47.1-4 +- Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value + +* Tue Dec 3 2019 Daiki Ueno - 3.47.1-3 +- Update nss-3.47-certdb-temp-cert.patch to the final version + +* Thu Nov 28 2019 Daiki Ueno - 3.47.1-2 +- Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617) + +* Fri Nov 22 2019 Daiki Ueno - 3.47.1-1 +- Update to NSS 3.47.1 + +* Mon Nov 4 2019 Bob Relyea - 3.47.0-3 +- Include ike mechanism fix + +* Wed Oct 23 2019 Daiki Ueno - 3.47.0-2 +- Install cmac.h required by blapi.h (#1764513) + +* Tue Oct 22 2019 Daiki Ueno - 3.47.0-1 +- Update to NSS 3.47 + +* Mon Oct 21 2019 Daiki Ueno - 3.46.1-1 +- Update to NSS 3.46.1 + +* Tue Sep 3 2019 Daiki Ueno - 3.46.0-1 +- Update to NSS 3.46 + +* Thu Aug 29 2019 Daiki Ueno - 3.45.0-1 +- Update to NSS 3.45 + +* Thu Jul 25 2019 Fedora Release Engineering - 3.44.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jul 2 2019 Daiki Ueno - 3.44.1-1 +- Update to NSS 3.44.1 + +* Mon May 20 2019 Daiki Ueno - 3.44.0-2 +- Skip TLS 1.3 tests under FIPS mode + +* Fri May 17 2019 Daiki Ueno - 3.44.0-1 +- Update to NSS 3.44 + +* Mon May 6 2019 Daiki Ueno - 3.43.0-3 +- Fix PKCS#11 module leak if C_GetSlotInfo() failed + +* Tue Mar 26 2019 Elio Maldonado - 3.43.0-2 +- Update %%{nspr_version} to 4.21.0 and remove obsolete comment + +* Thu Mar 21 2019 Daiki Ueno - 3.43.0-1 +- Update to NSS 3.43 + +* Mon Feb 11 2019 Daiki Ueno - 3.42.1-1 +- Update to NSS 3.42.1 + +* Fri Feb 8 2019 Daiki Ueno - 3.42.0-1 +- Update to NSS 3.42 + +* Fri Feb 8 2019 Daiki Ueno - 3.41.0-5 +- Simplify test failure detection in %%check + +* Fri Feb 01 2019 Fedora Release Engineering - 3.41.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 11 2019 Daiki Ueno - 3.41.0-3 +- Remove prelink.conf as prelink was removed in F24, suggested by + Harald Reindl +- Use quilt for %%autopatch +- Make sysinit require arch-dependent nss, suggested by Igor Gnatenko +- Silence %%post/%%postun scriptlets, suggested by Ian Collier + +* Mon Dec 10 2018 Daiki Ueno - 3.41.0-1 +- Update to NSS 3.41 + +* Thu Dec 6 2018 Daiki Ueno - 3.40.1-3 +- Remove unnecessary patches + +* Thu Dec 6 2018 Daiki Ueno - 3.40.1-2 +- Update to NSS 3.40.1 + +* Wed Nov 14 2018 Daiki Ueno - 3.39.0-4 +- Consolidate nss-util, nss-softokn, and nss into a single package +- Fix FTBFS with expired test certs +- Modernize spec file based on the suggestion from Robert-André Mauchin + +* Thu Sep 13 2018 Daiki Ueno - 3.39.0-3 +- Fix LDFLAGS injection + +* Mon Sep 3 2018 Daiki Ueno - 3.39.0-2 +- Update to NSS 3.39 +- Use the upstream tarball as it is (rhbz#1578106) +- Allow SSLKEYLOGFILE (rhbz#1620207) + +* Fri Jul 20 2018 Kai Engert - 3.38.0-4 +- Backport upstream addition of nss-policy-check utility, rhbz#1428746 + +* Fri Jul 13 2018 Fedora Release Engineering - 3.38.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 2 2018 Daiki Ueno - 3.38.0-2 +- Update to NSS 3.38 +- Install crypto-policies configuration file for + https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules +- Use %%ldconfig_scriptlets + +* Wed Jun 6 2018 Daiki Ueno - 3.37.3-3 +- Backport fix for handling DTLS application_data before handshake + +* Tue Jun 5 2018 Daiki Ueno - 3.37.3-2 +- Update to NSS 3.37.3 + +* Mon May 28 2018 Daiki Ueno - 3.37.1-2 +- Update to NSS 3.37.1 +- Temporarily disable AlertBeforeServerHello test + +* Wed May 02 2018 Kai Engert - 3.36.1-3 +- Upstream patch to keep nicknames stable on repeated certificate + import into SQL DB, mozbz#1458518 + +* Wed Apr 11 2018 Daiki Ueno - 3.36.1-2 +- Update to NSS 3.36.1 + +* Mon Mar 12 2018 Daiki Ueno - 3.36.0-3 +- Remove nss-3.14.0.0-disble-ocsp-test.patch +- Remove obsolete Conflicts +- Fix partial injection of LDFLAGS + +* Fri Mar 9 2018 Daiki Ueno - 3.36.0-2 +- Update to NSS 3.36.0 +- Add gcc-c++ to BuildRequires (C++ is needed for gtests) +- Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream +- Make test failure detection robuster + +* Thu Feb 08 2018 Fedora Release Engineering - 3.35.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 29 2018 Kai Engert - 3.35.0-4 +- Fix a compiler error with gcc 8, mozbz#1434070 +- Set NSS_FORCE_FIPS=1 at %%build time, and remove from %%check. + +* Mon Jan 29 2018 Kai Engert - 3.35.0-3 +- Stop pulling in nss-pem automatically, packages that need it should + depend on it, rhbz#1539401 + +* Tue Jan 23 2018 Daiki Ueno - 3.35.0-2 +- Update to NSS 3.35.0 + +* Tue Nov 14 2017 Daiki Ueno - 3.34.0-2 +- Update to NSS 3.34.0 + +* Fri Nov 10 2017 Daiki Ueno - 3.33.0-6 +- Make sure 32bit nss-pem always be installed with 32bit nss in + multlib environment, patch by Kamil Dudka + +* Wed Nov 8 2017 Kai Engert - 3.33.0-5 +- Fix test script + +* Tue Nov 7 2017 Kai Engert - 3.33.0-4 +- Update tests to be compatible with default NSS DB changed to sql + (the default was changed in the nss-util package). + +* Tue Oct 24 2017 Kai Engert - 3.33.0-3 +- rhbz#1505487, backport upstream fixes required for rhbz#1496560 + +* Tue Oct 3 2017 Daiki Ueno - 3.33.0-2 +- Update to NSS 3.33.0 + +* Fri Sep 15 2017 Daiki Ueno - 3.32.1-2 +- Update to NSS 3.32.1 + +* Wed Sep 6 2017 Daiki Ueno - 3.32.0-4 +- Update iquote.patch to really prefer in-tree headers over system headers + +* Wed Aug 23 2017 Kai Engert - 3.32.0-3 +- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449 + +* Mon Aug 7 2017 Daiki Ueno - 3.32.0-2 +- Update to NSS 3.32.0 + +* Thu Aug 03 2017 Fedora Release Engineering - 3.31.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 3.31.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 18 2017 Daiki Ueno - 3.31.0-4 +- Backport mozbz#1381784 to avoid deadlock in dnf + +* Thu Jul 13 2017 Daiki Ueno - 3.31.0-3 +- Move signtool to %%_libdir/nss/unsupported-tools, for: + https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation + +* Wed Jun 21 2017 Daiki Ueno - 3.31.0-2 +- Rebase to NSS 3.31.0 + +* Fri Jun 2 2017 Daiki Ueno - 3.30.2-3 +- Enable gtests + +* Mon Apr 24 2017 Daiki Ueno - 3.30.2-2 +- Rebase to NSS 3.30.2 +- Enable TLS 1.3 + +* Thu Mar 30 2017 Kai Engert - 3.30.0-3 +- Backport upstream mozbz#1328318 to support crypto policy FUTURE. + +* Tue Mar 21 2017 Daiki Ueno - 3.30.0-2 +- Rebase to NSS 3.30.0 +- Remove upstreamed patches + +* Thu Mar 02 2017 Kai Engert - 3.29.1-3 +- Backport mozbz#1334976 and mozbz#1336487. + +* Fri Feb 17 2017 Daiki Ueno - 3.29.1-2 +- Rebase to NSS 3.29.1 + +* Thu Feb 9 2017 Daiki Ueno - 3.29.0-3 +- Disable TLS 1.3, following the upstream change + +* Wed Feb 8 2017 Daiki Ueno - 3.29.0-2 +- Rebase to NSS 3.29.0 +- Suppress -Werror=int-in-bool-context warnings with GCC7 + +* Mon Jan 23 2017 Daiki Ueno - 3.28.1-6 +- Work around pkgconfig -> pkgconf transition issue (releng#6597) + +* Fri Jan 20 2017 Daiki Ueno - 3.28.1-5 +- Disable TLS 1.3 +- Add "Conflicts" with packages using older Mozilla codebase, which is + not compatible with NSS 3.28.1 +- Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream + +* Tue Jan 17 2017 Daiki Ueno - 3.28.1-4 +- Add "Conflicts" with older firefox packages which don't have support + for smaller curves added in NSS 3.28.1 + +* Fri Jan 13 2017 Daiki Ueno - 3.28.1-3 +- Fix incorrect version specification in %%nss_{util,softokn}_version, + pointed by Elio Maldonado + +* Fri Jan 6 2017 Daiki Ueno - 3.28.1-2 +- Rebase to NSS 3.28.1 +- Remove upstreamed patch for disabling RSA-PSS +- Re-enable TLS 1.3 + +* Wed Nov 30 2016 Daiki Ueno - 3.27.2-2 +- Rebase to NSS 3.27.2 + +* Tue Nov 15 2016 Daiki Ueno - 3.27.0-5 +- Revert the previous fix for RSA-PSS and use the upstream fix instead + +* Wed Nov 02 2016 Kai Engert - 3.27.0-4 +- Disable the use of RSA-PSS with SSL/TLS. #1383809 + +* Sun Oct 2 2016 Daiki Ueno - 3.27.0-3 +- Disable TLS 1.3 for now, to avoid reported regression with TLS to + version intolerant servers + +* Thu Sep 29 2016 Daiki Ueno - 3.27.0-2 +- Rebase to NSS 3.27.0 +- Remove upstreamed ectest patch + +* Mon Aug 8 2016 Daiki Ueno - 3.26.0-2 +- Rebase to NSS 3.26.0 +- Update check policy file patch to better match what was upstreamed +- Remove conditionally ignore system policy patch as it has been upstreamed +- Skip ectest as well as ecperf, which are built as part of nss-softokn +- Fix rpmlint error regarding %%define usage + +* Thu Jul 14 2016 Elio Maldonado - 3.25.0-6 +- Incorporate some changes requested in upstream review and commited upstream (#1157720) + +* Fri Jul 01 2016 Elio Maldonado - 3.25.0-5 +- Add support for conditionally ignoring the system policy (#1157720) +- Remove unneeded test scripts patches in order to run more tests +- Remove unneeded test data modifications from the spec file + +* Tue Jun 28 2016 Elio Maldonado - 3.25.0-4 +- Remove obsolete patch and spurious lines from the spec file (#1347336) + +* Sun Jun 26 2016 Elio Maldonado - 3.25.0-3 +- Cleanup spec file and patches and add references to bugs filed upstream + +* Fri Jun 24 2016 Elio Maldonado - 3.25.0-2 +- Rebase to nss 3.25 + +* Thu Jun 16 2016 Kamil Dudka - 3.24.0-3 +- decouple nss-pem from the nss package (#1347336) + +* Fri Jun 03 2016 Elio Maldonado - 3.24.0-2.3 +- Apply the patch that was last introduced +- Renumber and reorder some of the patches +- Resolves: Bug 1342158 + +* Thu Jun 02 2016 Elio Maldonado - 3.24.0-2.2 +- Allow application requests to disable SSL v2 to succeed +- Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails + +* Sun May 29 2016 Elio Maldonado - 3.24.0-2.1 +- Rebase to NSS 3.24.0 +- Restore setting the policy file location +- Make ssl tests scripts aware of policy +- Ajust tests data expected result for policy + +* Tue May 24 2016 Elio Maldonado - 3.24.0-2.0 +- Bootstrap build to rebase to NSS 3.24.0 +- Temporarily not setting the policy file location + +* Thu May 12 2016 Elio Maldonado - 3.23.0-9 +- Change POLICY_FILE to "nss.config" + +* Fri Apr 22 2016 Elio Maldonado - 3.23.0-8 +- Change POLICY_FILE to "nss.cfg" + +* Wed Apr 20 2016 Elio Maldonado - 3.23.0-7 +- Change the POLICY_PATH to "/etc/crypto-policies/back-ends" +- Regenerate the check policy patch with hg to provide more context + +* Thu Apr 14 2016 Elio Maldonado - 3.23.0-6 +- Fix typo in the last %%changelog entry + +* Thu Mar 24 2016 Elio Maldonado - 3.23.0-5 +- Load policy file if /etc/pki/nssdb/policy.cfg exists +- Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy + +* Tue Mar 08 2016 Elio Maldonado - 3.23.0-4 +- Remove unused patch rendered obsolete by pem update + +* Tue Mar 08 2016 Elio Maldonado - 3.23.0-3 +- Update pem sources to latest from nss-pem upstream +- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key + +* Sat Mar 05 2016 Elio Maldonado - 3.23.0-2 +- Rebase to NSS 3.23 + +* Sat Feb 27 2016 Elio Maldonado - 3.22.2-2 +- Rebase to NSS 3.22.2 + +* Tue Feb 23 2016 Elio Maldonado - 3.22.1-3 +- Fix ssl2/exp test disabling to run all the required tests + +* Sun Feb 21 2016 Elio Maldonado - 3.22.1-1 +- Rebase to NSS 3.22.1 + +* Mon Feb 08 2016 Elio Maldonado - 3.22.0-3 +- Update .gitignore as part of updating to nss 3.22 + +* Mon Feb 08 2016 Elio Maldonado - 3.22.0-2 +- Update to NSS 3.22 + +* Thu Feb 04 2016 Fedora Release Engineering - 3.21.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jan 15 2016 Elio Maldonado - 3.21.0-6 +- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite +- Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built +- Use %%define when specifying the nss_tests to run + +* Wed Dec 30 2015 Michal Toman - 3.21.0-5 +- Add 64-bit MIPS to multilib arches + +* Fri Nov 20 2015 Elio Maldonado - 3.21.0-4 +- Update %%{nss_util_version} and %%{nss_softokn_version} to 3.21.0 +- Resolves: Bug 1284095 - all https fails with sec_error_no_token + +* Sun Nov 15 2015 Elio Maldonado - 3.21.0-3 +- Add references to bugs filed upstream + +* Fri Nov 13 2015 Elio Maldonado Batiz - 3.21.1-2 +- Update to NSS 3.21 +- Package listsuites as part of the unsupported tools set +- Resolves: Bug 1279912 - nss-3.21 is available +- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit +- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set + +* Fri Oct 30 2015 Elio Maldonado - 3.20.1-2 +- Update to NSS 3.20.1 + +* Wed Sep 30 2015 Elio Maldonado - 3.20.0-6 +- Enable ECC cipher-suites by default [hrbz#1185708] +- Split the enabling patch in two for easier maintenance +- Remove unused patches rendered obsolete by prior rebase + +* Wed Sep 16 2015 Elio Maldonado - 3.20.0-5 +- Enable ECC cipher-suites by default [hrbz#1185708] +- Implement corrections requested in code review + +* Tue Sep 15 2015 Elio Maldonado - 3.20.0-4 +- Enable ECC cipher-suites by default [hrbz#1185708] + +* Mon Sep 14 2015 Elio Maldonado - 3.20.0-3 +- Fix patches that disable ssl2 and export cipher suites support +- Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers +- Fix syntax errors in patch to skip ssl2 and export cipher suite tests +- Turn ssl2 off by default in the tstclnt tool +- Disable ssl stress tests containing TLS RC4 128 with MD5 + +* Thu Aug 20 2015 Elio Maldonado - 3.20.0-2 +- Update to NSS 3.20 + +* Sat Aug 08 2015 Elio Maldonado - 3.19.3-2 +- Update to NSS 3.19.3 + +* Fri Jun 26 2015 Elio Maldonado - 3.19.2-3 +- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers + +* Wed Jun 17 2015 Kai Engert - 3.19.2-2 +- Update to NSS 3.19.2 + +* Thu May 28 2015 Kai Engert - 3.19.1-2 +- Update to NSS 3.19.1 + +* Tue May 19 2015 Kai Engert - 3.19.0-2 +- Update to NSS 3.19 + +* Fri May 15 2015 Kai Engert - 3.18.0-2 +- Replace expired test certificates, upstream bug 1151037 + +* Thu Mar 19 2015 Elio Maldonado - 3.18.0-1 +- Update to nss-3.18.0 +- Resolves: Bug 1203689 - nss-3.18 is available + +* Tue Mar 03 2015 Elio Maldonado - 3.17.4-5 +- Disable export suites and SSL2 support at build time +- Fix syntax errors in various shell scripts +- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites + +* Sat Feb 21 2015 Till Maas - 3.17.4-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Tue Feb 10 2015 Elio Maldonado - 3.17.4-3 +- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2 +- Backing out from disabling ssl2 until the patches are fixed + +* Mon Feb 09 2015 Elio Maldonado - 3.17.4-2 +- Disable SSL2 support at build time +- Fix syntax errors in various shell scripts +- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites + +* Wed Jan 28 2015 Elio Maldonado - 3.17.4-1 +- Update to nss-3.17.4 + +* Sat Jan 24 2015 Ville Skyttä - 3.17.3-4 +- Own the %%{_datadir}/doc/nss-tools dir + +* Tue Dec 16 2014 Elio Maldonado - 3.17.3-3 +- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer +- Install pp man page in %%{_datadir}/doc/nss-tools/pp.1 +- Use %%{_mandir} instead of /usr/share/man as more generic + +* Mon Dec 15 2014 Elio Maldonado - 3.17.3-2 +- Install pp man page in alternative location +- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer + +* Fri Dec 05 2014 Elio Maldonado - 3.17.3-1 +- Update to nss-3.17.3 +- Resolves: Bug 1171012 - nss-3.17.3 is available + +* Thu Oct 16 2014 Elio Maldonado - 3.17.2-2 +- Resolves: Bug 994599 - Enable TLS 1.2 by default + +* Sun Oct 12 2014 Elio Maldonado - 3.17.2-1 +- Update to nss-3.17.2 + +* Wed Sep 24 2014 Kai Engert - 3.17.1-1 +- Update to nss-3.17.1 +- Add a mechanism to skip test suite execution during development work + +* Thu Aug 21 2014 Kevin Fenzi - 3.17.0-2 +- Rebuild for rpm bug 1131960 + +* Tue Aug 19 2014 Elio Maldonado - 3.17.0-1 +- Update to nss-3.17.0 + +* Sun Aug 17 2014 Fedora Release Engineering - 3.16.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 30 2014 Elio Maldonado - 3.16.2-3 +- Replace expired PayPal test cert with current one to prevent build failure + +* Fri Jul 18 2014 Tom Callaway - 3.16.2-2 +- fix license handling + +* Sun Jun 29 2014 Elio Maldonado - 3.16.2-1 +- Update to nss-3.16.2 + +* Sun Jun 15 2014 Elio Maldonado - 3.16.1-4 +- Remove unwanted source directories at end of %%prep so it truly does it +- Skip the cipher suite already run as part of the nss-softokn build + +* Sat Jun 07 2014 Fedora Release Engineering - 3.16.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon May 12 2014 Jaromir Capik - 3.16.1-2 +- Replacing ppc64 and ppc64le with the power64 macro +- Related: Bug 1052545 - Trivial change for ppc64le in nss spec + +* Tue May 06 2014 Elio Maldonado - 3.16.1-1 +- Update to nss-3.16.1 +- Update the iquote patch on account of the rebase +- Improve error detection in the %%section +- Resolves: Bug 1094702 - nss-3.16.1 is available + +* Tue Mar 18 2014 Elio Maldonado - 3.16.0-1 +- Update to nss-3.16.0 +- Cleanup the copying of the tools man pages +- Update the iquote.patch on account of the rebase + +* Tue Mar 04 2014 Elio Maldonado - 3.15.5-2 +- Restore requiring nss_softokn_version >= 3.15.5 + +* Wed Feb 19 2014 Elio Maldonado - 3.15.5-1 +- Update to nss-3.15.5 +- Temporarily requiring only nss_softokn_version >= 3.15.4 +- Fix location of sharedb files and their manpages +- Move cert9.db, key4.db, and pkcs11.txt to the main package +- Move nss-sysinit manpages tar archives to the main package +- Resolves: Bug 1066877 - nss-3.15.5 is available +- Resolves: Bug 1067091 - Move sharedb files to the %%files section + +* Thu Feb 06 2014 Elio Maldonado - 3.15.4-5 +- Revert previous change that moved some sysinit manpages +- Restore nss-sysinit manpages tar archives to %%files sysinit +- Removing spurious wildcard entry was the only change needed + +* Mon Jan 27 2014 Elio Maldonado - 3.15.4-4 +- Add explanatory comments for iquote.patch as was done on f20 + +* Sat Jan 25 2014 Elio Maldonado - 3.15.4-3 +- Update pem sources to latest from nss-pem upstream +- Pick up pem fixes verified on RHEL and applied upstream +- Fix a problem where same files in two rpms created rpm conflict +- Move some nss-sysinit manpages tar archives to the %%files the +- All man pages are listed by name so there shouldn't be wildcard inclusion +- Add support for ppc64le, Resolves: Bug 1052545 + +* Mon Jan 20 2014 Peter Robinson 3.15.4-2 +- ARM tests pass so remove ARM conditional + +* Tue Jan 07 2014 Elio Maldonado - 3.15.4-1 +- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) +- Resolves: Bug 1049229 - nss-3.15.4 is available +- Update pem sources to latest from the interim upstream for pem +- Remove no longer needed patches +- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken +- Update iquote.patch on account of upstream changes + +* Wed Dec 11 2013 Elio Maldonado - 3.15.3.1-1 +- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) +- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) +- Resolves: Bug 1040192 - nss-3.15.3.1 is available + +* Tue Dec 03 2013 Elio Maldonado - 3.15.3-2 +- Bump the release tag + +* Sun Nov 24 2013 Elio Maldonado - 3.15.3-1 +- Update to NSS_3_15_3_RTM +- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws +- Fix option descriptions for setup-nsssysinit manpage +- Fix man page of nss-sysinit wrong path and other flaws +- Document email option for certutil manpage +- Remove unused patches + +* Sun Oct 27 2013 Elio Maldonado - 3.15.2-3 +- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245] + +* Wed Oct 23 2013 Elio Maldonado - 3.15.2-2 +- Use the full sources from upstream +- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird + +* Thu Sep 26 2013 Elio Maldonado - 3.15.2-1 +- Update to NSS_3_15_2_RTM +- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel + +* Wed Aug 28 2013 Elio Maldonado - 3.15.1-7 +- Update pem sources to pick up a patch applied upstream which a faulty merge had missed +- The pem module should not require unique file basenames + +* Tue Aug 27 2013 Elio Maldonado - 3.15.1-6 +- Update pem sources to the latest from interim upstream + +* Mon Aug 19 2013 Elio Maldonado - 3.15.1-5 +- Resolves: rhbz#996639 - Minor bugs in nss man pages +- Fix some typos and improve description and see also sections + +* Sun Aug 11 2013 Elio Maldonado - 3.15.1-4 +- Cleanup spec file to address most rpmlint errors and warnings +- Using double percent symbols to fix macro-in-comment warnings +- Ignore unversioned-explicit-provides nss-system-init per spec comments +- Ignore invalid-url Source0 as it comes from the git lookaside cache +- Ignore invalid-url Source12 as it comes from the git lookaside cache + +* Thu Jul 25 2013 Elio Maldonado - 3.15.1-3 +- Add man page for pkcs11.txt configuration file and cert and key databases +- Resolves: rhbz#985114 - Provide man pages for the nss configuration files + +* Fri Jul 19 2013 Elio Maldonado - 3.15.1-2 +- Fix errors in the man pages +- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util +- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit + +* Tue Jul 02 2013 Elio Maldonado - 3.15.1-1 +- Update to NSS_3_15_1_RTM +- Enable the iquote.patch to access newly introduced types + +* Wed Jun 19 2013 Elio Maldonado - 3.15-5 +- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts +- Resolves: rhbz#606020 - nss security tools lack man pages + +* Tue Jun 18 2013 emaldona - 3.15-4 +- Build nss without softoken or util sources in the tree +- Resolves: rhbz#689918 + +* Mon Jun 17 2013 emaldona - 3.15-3 +- Update ssl-cbc-random-iv-by-default.patch + +* Sun Jun 16 2013 Elio Maldonado - 3.15-2 +- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config + +* Sat Jun 15 2013 Elio Maldonado - 3.15-1 +- Update to NSS_3_15_RTM + +* Wed Apr 24 2013 Elio Maldonado - 3.15-0.1.beta1.2 +- Fix incorrect path that hid failed test from view +- Add ocsp to the test suites to run but ... +- Temporarily disable the ocsp stapling tests +- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors + +* Thu Apr 04 2013 Elio Maldonado - 3.15-0.1.beta1.1 +- Update to NSS_3_15_BETA1 +- Update spec file, patches, and helper scripts on account of a shallower source tree + +* Sun Mar 24 2013 Kai Engert - 3.14.3-12 +- Update expired test certificates (fixed in upstream bug 852781) + +* Fri Mar 08 2013 Kai Engert - 3.14.3-10 +- Fix incorrect post/postun scripts. Fix broken links in posttrans. + +* Wed Mar 06 2013 Kai Engert - 3.14.3-9 +- Configure libnssckbi.so to use the alternatives system + in order to prepare for a drop in replacement. + +* Fri Feb 15 2013 Elio Maldonado - 3.14.3-1 +- Update to NSS_3_14_3_RTM +- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 +- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack +- Resolves: rhbz#896651 - PEM module trashes private keys if login fails +- Resolves: rhbz#909775 - specfile support for AArch64 +- Resolves: rhbz#910584 - certutil -a does not produce ASCII output + +* Mon Feb 04 2013 Elio Maldonado - 3.14.2-2 +- Allow building nss against older system sqlite + +* Fri Feb 01 2013 Elio Maldonado - 3.14.2-1 +- Update to NSS_3_14_2_RTM + +* Wed Jan 02 2013 Kai Engert - 3.14.1-3 +- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM + +* Sat Dec 22 2012 Elio Maldonado - 3.14.1-2 +- Require nspr >= 4.9.4 +- Fix changelog invalid dates + +* Mon Dec 17 2012 Elio Maldonado - 3.14.1-1 +- Update to NSS_3_14_1_RTM + +* Wed Dec 12 2012 Elio Maldonado - 3.14-12 +- Bug 879978 - Install the nssck.api header template where mod_revocator can access it +- Install nssck.api in /usr/includes/nss3/templates + +* Tue Nov 27 2012 Elio Maldonado - 3.14-11 +- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it +- Install nssck.api in /usr/includes/nss3 + +* Mon Nov 19 2012 Elio Maldonado - 3.14-10 +- Bug 870864 - Add support in NSS for Secure Boot + +* Sat Nov 10 2012 Elio Maldonado - 3.14-9 +- Disable bypass code at build time and return failure on attempts to enable at runtime +- Bug 806588 - Disable SSL PKCS #11 bypass at build time + +* Sun Nov 04 2012 Elio Maldonado - 3.14-8 +- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs +- Bug 872124 - nss-3.14 breaks fedpkg new-sources +- Fix should be considered preliminary since the patch may change upon upstream approval + +* Thu Nov 01 2012 Elio Maldonado - 3.14-7 +- Add a dummy source file for testing /preventing fedpkg breakage +- Helps test the fedpkg new-sources and upload commands for breakage by nss updates +- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources + +* Thu Nov 01 2012 Elio Maldonado - 3.14-6 +- Fix a previous unwanted merge from f18 +- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while +- Keeping the patch disabled while we are still in rawhide and +- State in comment that patch is needed for both stable and beta branches +- Update .gitignore to download only the new sources + +* Wed Oct 31 2012 Elio Maldonado - 3.14-5 +- Fix the spec file so sechash.h gets installed +- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14 + +* Sat Oct 27 2012 Elio Maldonado - 3.14-4 +- Update the license to MPLv2.0 + +* Wed Oct 24 2012 Elio Maldonado - 3.14-3 +- Use only -f when removing unwanted headers + +* Tue Oct 23 2012 Elio Maldonado - 3.14-2 +- Add secmodt.h to the headers installed by nss-devel +- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14 + +* Mon Oct 22 2012 Elio Maldonado - 3.14-1 +- Update to NSS_3_14_RTM + +* Sun Oct 21 2012 Elio Maldonado - 3.14-0.1.rc.1 +- Update to NSS_3_14_RC1 +- update nss-589636.patch to apply to httpdserv +- turn off ocsp tests for now +- remove no longer needed patches +- remove headers shipped by nss-util + +* Fri Oct 05 2012 Kai Engert - 3.13.6-1 +- Update to NSS_3_13_6_RTM + +* Mon Aug 27 2012 Elio Maldonado - 3.13.5-8 +- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 +- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load +- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer +- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix + +* Mon Aug 13 2012 Elio Maldonado - 3.13.5-7 +- Fix pluggable ecc support + +* Fri Jul 20 2012 Fedora Release Engineering - 3.13.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jul 01 2012 Elio Maldonado - 3.13.5-5 +- Fix checkin comment to prevent unwanted expansions of percents + +* Sun Jul 01 2012 Elio Maldonado - 3.13.5-4 +- Resolves: Bug 830410 - Missing Requires %%{?_isa} +- Use Requires: %%{name}%%{?_isa} = %%{version}-%%{release} on tools +- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib +- Enable sha224 portion of powerup selftest when running test suites +- Require nspr 4.9.1 + +* Wed Jun 20 2012 Elio Maldonado - 3.13.5-3 +- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in + +* Tue Jun 19 2012 Elio Maldonado - 3.13.5-2 +- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in + +* Mon Jun 18 2012 Elio Maldonado - 3.13.5-1 +- Update to NSS_3_13_5_RTM + +* Fri Apr 13 2012 Elio Maldonado - 3.13.4-3 +- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3 + +* Sun Apr 08 2012 Elio Maldonado - 3.13.4-2 +- Resolves: Bug 805723 - Library needs partial RELRO support added +- Patch coreconf/Linux.mk as done on RHEL 6.2 + +* Fri Apr 06 2012 Elio Maldonado - 3.13.4-1 +- Update to NSS_3_13_4_RTM +- Update the nss-pem source archive to the latest version +- Remove no longer needed patches +- Resolves: Bug 806043 - use pem files interchangeably in a single process +- Resolves: Bug 806051 - PEM various flaws detected by Coverity +- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name + +* Wed Mar 21 2012 Elio Maldonado - 3.13.3-4 +- Resolves: Bug 805723 - Library needs partial RELRO support added + +* Fri Mar 09 2012 Elio Maldonado - 3.13.3-3 +- Cleanup of the spec file +- Add references to the upstream bugs +- Fix typo in Summary for sysinit + +* Thu Mar 08 2012 Elio Maldonado - 3.13.3-2 +- Pick up fixes from RHEL +- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync +- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update +- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections + +* Thu Mar 01 2012 Elio Maldonado - 3.13.3-1 +- Update to NSS_3_13_3_RTM + +* Mon Jan 30 2012 Tom Callaway - 3.13.1-13 +- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals + +* Thu Jan 26 2012 Elio Maldonado - 3.13.1-12 +- Resolves: Bug 784672 - nss should protect against being called before nss_Init + +* Fri Jan 13 2012 Fedora Release Engineering - 3.13.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Jan 06 2012 Elio Maldonado - 3.13.1-11 +- Deactivate a patch currently meant for stable branches only + +* Fri Jan 06 2012 Elio Maldonado - 3.13.1-10 +- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity +- NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request + +* Tue Dec 13 2011 elio maldonado - 3.13.1-9 +- Revert to using current nss_softokn_version +- Patch to deal with lack of sha224 is no longer needed + +* Tue Dec 13 2011 Elio Maldonado - 3.13.1-8 +- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV + +* Mon Dec 12 2011 Elio Maldonado - 3.13.1-7 +- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS +- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y +- Only patch blapitest for the lack of sha224 on system freebl +- Completed the patch to make pem link against system freebl + +* Mon Dec 05 2011 Elio Maldonado - 3.13.1-6 +- Removed unwanted /usr/include/nss3 in front of the normal cflags include path +- Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible + +* Sun Dec 04 2011 Elio Maldonado - 3.13.1-5 +- Statically link the pem module against system freebl found in buildroot +- Disabling sha224-related powerup selftest until we update softokn +- Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support + +* Fri Dec 02 2011 Elio Maldonado Batiz - 3.13.1-4 +- Rebuild with nss-softokn from 3.12 in the buildroot +- Allows the pem module to statically link against 3.12.x freebl +- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo +- Build will be temprarily placed on buildroot override but not pushed in bodhi + +* Fri Nov 04 2011 Elio Maldonado - 3.13.1-2 +- Fix broken dependencies by updating the nss-util and nss-softokn versions + +* Thu Nov 03 2011 Elio Maldonado - 3.13.1-1 +- Update to NSS_3_13_1_RTM +- Update builtin certs to those from NSSCKBI_1_88_RTM + +* Sat Oct 15 2011 Elio Maldonado - 3.13-1 +- Update to NSS_3_13_RTM + +* Sat Oct 08 2011 Elio Maldonado - 3.13-0.1.rc0.1 +- Update to NSS_3_13_RC0 + +* Wed Sep 14 2011 Elio Maldonado - 3.12.11-3 +- Fix attempt to free initilized pointer (#717338) +- Fix leak on pem_CreateObject when given non-existing file name (#734760) +- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410) + +* Tue Sep 06 2011 Kai Engert - 3.12.11-2 +- Update builtins certs to those from NSSCKBI_1_87_RTM + +* Tue Aug 09 2011 Elio Maldonado - 3.12.11-1 +- Update to NSS_3_12_11_RTM + +* Sat Jul 23 2011 Elio Maldonado - 3.12.10-6 +- Indicate the provenance of stripped source tarball (#688015) + +* Mon Jun 27 2011 Michael Schwendt - 3.12.10-5 +- Provide virtual -static package to meet guidelines (#609612). + +* Fri Jun 10 2011 Elio Maldonado - 3.12.10-4 +- Enable pluggable ecc support (#712556) +- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045) + +* Fri May 20 2011 Dennis Gilmore - 3.12.10-3 +- make the testsuite non fatal on arm arches + +* Tue May 17 2011 Elio Maldonado - 3.12.10-2 +- Fix crmf hard-coded maximum size for wrapped private keys (#703656) + +* Fri May 06 2011 Elio Maldonado - 3.12.10-1 +- Update to NSS_3_12_10_RTM + +* Wed Apr 27 2011 Elio Maldonado - 3.12.10-0.1.beta1 +- Update to NSS_3_12_10_BETA1 + +* Mon Apr 11 2011 Elio Maldonado - 3.12.9-15 +- Implement PEM logging using NSPR's own (#695011) + +* Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 +- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM + +* Thu Feb 24 2011 Elio Maldonado - 3.12.9-13 +- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) + +* Fri Feb 18 2011 Elio Maldonado - 3.12.9-12 +- Add a missing requires for pkcs11-devel (#675196) + +* Tue Feb 15 2011 Elio Maldonado - 3.12.9-11 +- Run the test suites in the check section (#677809) + +* Thu Feb 10 2011 Elio Maldonado - 3.12.9-10 +- Fix cms headers to not use c++ reserved words (#676036) +- Reenabling Bug 499444 patches +- Fix to swap internal key slot on fips mode switches + +* Tue Feb 08 2011 Elio Maldonado - 3.12.9-9 +- Revert patches for 499444 until all c++ reserved words are found and extirpated + +* Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 08 2011 Elio Maldonado - 3.12.9-7 +- Fix cms header to not use c++ reserved word (#676036) +- Reenable patches for bug 499444 + +* Tue Feb 08 2011 Christopher Aillon - 3.12.9-6 +- Revert patches for 499444 as they use a C++ reserved word and + cause compilation of Firefox to fail + +* Fri Feb 04 2011 Elio Maldonado - 3.12.9-5 +- Fix the earlier infinite recursion patch (#499444) +- Remove a header that now nss-softokn-freebl-devel ships + +* Tue Feb 01 2011 Elio Maldonado - 3.12.9-4 +- Fix infinite recursion when encoding NSS enveloped/digested data (#499444) + +* Mon Jan 31 2011 Elio Maldonado - 3.12.9-3 +- Update the cacert trust patch per upstream review requests (#633043) + +* Wed Jan 19 2011 Elio Maldonado - 3.12.9-2 +- Fix to honor the user's cert trust preferences (#633043) +- Remove obsoleted patch + +* Wed Jan 12 2011 Elio Maldonado - 3.12.9-1 +- Update to 3.12.9 + +* Mon Dec 27 2010 Elio Maldonado - 3.12.9-0.1.beta2 +- Rebuilt according to fedora pre-release package naming guidelines + +* Fri Dec 10 2010 Elio Maldonado - 3.12.8.99.2-1 +- Update to NSS_3_12_9_BETA2 +- Fix libpnsspem crash when cacert dir contains other directories (#642433) + +* Wed Dec 08 2010 Elio Maldonado - 3.12.8.99.1-1 +- Update to NSS_3_12_9_BETA1 + +* Thu Nov 25 2010 Elio Maldonado - 3.12.8-9 +- Update pem source tar with fixes for 614532 and 596674 +- Remove no longer needed patches + +* Fri Nov 05 2010 Elio Maldonado - 3.12.8-8 +- Update PayPalEE.cert test certificate which had expired + +* Sun Oct 31 2010 Elio Maldonado - 3.12.8-7 +- Tell rpm not to verify md5, size, and modtime of configurations file + +* Mon Oct 18 2010 Elio Maldonado - 3.12.8-6 +- Fix certificates trust order (#643134) +- Apply nss-sysinit-userdb-first.patch last + +* Wed Oct 06 2010 Elio Maldonado - 3.12.8-5 +- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248) + +* Tue Oct 05 2010 Elio Maldonado - 3.12.8-4 +- Fix invalid %%postun scriptlet (#639248) + +* Wed Sep 29 2010 Elio Maldonado - 3.12.8-3 +- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) +- Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801) + +* Mon Sep 27 2010 Elio Maldonado - 3.12.8-2 +- Add posttrans scriptlet (#636787) + +* Thu Sep 23 2010 Elio Maldonado - 3.12.8-1 +- Update to 3.12.8 +- Prevent disabling of nss-sysinit on package upgrade (#636787) +- Create pkcs11.txt with correct permissions regardless of umask (#636792) +- Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) +- Added provides pkcs11-devel-static to comply with packaging guidelines (#609612) + +* Sat Sep 18 2010 Elio Maldonado - 3.12.7.99.4-1 +- NSS 3.12.8 RC0 + +* Sun Sep 05 2010 Elio Maldonado - 3.12.7.99.3-2 +- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3 + +* Sat Sep 04 2010 Elio Maldonado - 3.12.7.99.3-1 +- NSS 3.12.8 Beta3 +- Fix unclosed comment in renegotiate-transitional.patch + +* Sat Aug 28 2010 Elio Maldonado - 3.12.7-3 +- Change BuildRequries to available version of nss-util-devel + +* Sat Aug 28 2010 Elio Maldonado - 3.12.7-2 +- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch +- Add comments regarding an unversioned provides which triggers rpmlint warning +- Build requires nss-softokn-devel >= 3.12.7 + +* Mon Aug 16 2010 Elio Maldonado - 3.12.7-1 +- Update to 3.12.7 + +* Sat Aug 14 2010 Elio Maldonado - 3.12.6-12 +- Apply the patches to fix rhbz#614532 + +* Mon Aug 09 2010 Elio Maldonado - 3.12.6-11 +- Removed pem sourecs as they are in the cache + +* Mon Aug 09 2010 Elio Maldonado - 3.12.6-10 +- Add support for PKCS#8 encoded PEM RSA private key files (#614532) + +* Sat Jul 31 2010 Elio Maldonado - 3.12.6-9 +- Fix nsssysinit to return userdb ahead of systemdb (#603313) + +* Tue Jun 08 2010 Dennis Gilmore - 3.12.6-8 +- Require and BuildRequire >= the listed version not = + +* Tue Jun 08 2010 Elio Maldonado - 3.12.6-7 +- Require nss-softoken 3.12.6 + +* Sun Jun 06 2010 Elio Maldonado - 3.12.6-6 +- Fix SIGSEGV within CreateObject (#596674) + +* Mon Apr 12 2010 Elio Maldonado - 3.12.6-5 +- Update pem source tar to pick up the following bug fixes: +- PEM - Allow collect objects to search through all objects +- PEM - Make CopyObject return a new shallow copy +- PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv + +* Wed Apr 07 2010 Elio Maldonado - 3.12.6-4 +- Update the test cert in the setup phase + +* Wed Apr 07 2010 Elio Maldonado - 3.12.6-3 +- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) +- Update PayPalEE test cert with unexpired one (#580207) + +* Thu Mar 18 2010 Elio Maldonado - 3.12.6-2 +- Fix ns.spec to not require nss-softokn (#575001) + +* Sat Mar 06 2010 Elio Maldonado - 3.12.6-1.2 +- rebuilt with all tests enabled + +* Sat Mar 06 2010 Elio Maldonado - 3.12.6-1.1 +- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period +- Disabling ssl tests suites until bug 539183 is resolved + +* Sat Mar 06 2010 Elio Maldonado - 3.12.6-1 +- Update to 3.12.6 +- Reactivate all tests +- Patch tools to validate command line options arguments + +* Mon Jan 25 2010 Elio Maldonado - 3.12.5-8 +- Fix curl related regression and general patch code clean up + +* Wed Jan 13 2010 Elio Maldonado - 3.12.5-5 +- retagging + +* Tue Jan 12 2010 Elio Maldonado - 3.12.5-1.1 +- Fix SIGSEGV on call of NSS_Initialize (#553638) + +* Wed Jan 06 2010 Elio Maldonado - 3.12.5-1.13.2 +- New version of patch to allow root to modify ystem database (#547860) + +* Thu Dec 31 2009 Elio Maldonado - 3.12.5-1.13.1 +- Temporarily disabling the ssl tests + +* Sat Dec 26 2009 Elio Maldonado - 3.12.5-1.13 +- Fix nsssysinit to allow root to modify the nss system database (#547860) + +* Fri Dec 25 2009 Elio Maldonado - 3.12.5-1.11 +- Fix an error introduced when adapting the patch for rhbz #546211 + +* Sat Dec 19 2009 Elio maldonado - 3.12.5-1.9 +- Remove left over trace statements from nsssysinit patching + +* Fri Dec 18 2009 Elio Maldonado - 3.12.5-2.7 +- Fix a misconstructed patch + +* Thu Dec 17 2009 Elio Maldonado - 3.12.5-1.6 +- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) +- Fix spec so sysinit requires coreutils for post install scriplet (#547067) +- Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387) + +* Thu Dec 10 2009 Elio Maldonado - 3.12.5-1.5 +- Fix nsssysinit to set the default flags on the crypto module (#545779) +- Remove redundant header from the pem module + +* Wed Dec 09 2009 Elio Maldonado - 3.12.5-1.1 +- Remove unneeded patch + +* Thu Dec 03 2009 Elio Maldonado - 3.12.5-1.1 +- Retagging to include missing patch + +* Thu Dec 03 2009 Elio Maldonado - 3.12.5-1 +- Update to 3.12.5 +- Patch to allow ssl/tls clients to interoperate with servers that require renogiation + +* Fri Nov 20 2009 Elio Maldonado - 3.12.4-14.1 +- Retagging + +* Tue Oct 20 2009 Elio Maldonado - 3.12.4-13.1 +- Require nss-softoken of same architecture as nss (#527867) +- Merge setup-nsssysinit.sh improvements from F-12 (#527051) + +* Sat Oct 03 2009 Elio Maldonado - 3.12.4-13 +- User no longer prompted for a password when listing keys an empty system db (#527048) +- Fix setup-nsssysinit to handle more general formats (#527051) + +* Sun Sep 27 2009 Elio Maldonado - 3.12.4-12 +- Fix syntax error in setup-nsssysinit.sh + +* Sun Sep 27 2009 Elio Maldonado - 3.12.4-11 +- Fix sysinit to be under mozilla/security/nss/lib + +* Sat Sep 26 2009 Elio Maldonado - 3.12.4-10 +- Add nss-sysinit activation/deactivation script + +* Fri Sep 18 2009 Elio Maldonado - 3.12.4-8 +- Restoring nssutil and -rpath-link to nss-config for now - 522477 + +* Tue Sep 08 2009 Elio Maldonado - 3.12.4-6 +- Installing shared libraries to %%{_libdir} + +* Mon Sep 07 2009 Elio Maldonado - 3.12.4-5 +- Retagging to pick up new sources + +* Mon Sep 07 2009 Elio Maldonado - 3.12.4-4 +- Update pem enabling source tar with latest fixes (509705, 51209) + +* Sun Sep 06 2009 Elio Maldonado - 3.12.4-3 +- PEM module implements memory management for internal objects - 509705 +- PEM module doesn't crash when processing malformed key files - 512019 + +* Sat Sep 05 2009 Elio Maldonado - 3.12.4-2 +- Remove symbolic links to shared libraries from devel - 521155 +- No rpath-link in nss-softokn-config + +* Tue Sep 01 2009 Elio Maldonado - 3.12.4-1 +- Update to 3.12.4 + +* Mon Aug 31 2009 Elio Maldonado - 3.12.3.99.3-30 +- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 +- Fixed requires and buildrequires as per recommendations in spec file review + +* Sun Aug 30 2009 Elio Maldonado - 3.12.3.99.3-29 +- Restoring patches 2 and 7 as we still compile all sources +- Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems + +* Sun Aug 30 2009 Elio Maldonado - 3.12.3.99.3-28 +- restore require sqlite + +* Sat Aug 29 2009 Elio Maldonado - 3.12.3.99.3-27 +- Don't require sqlite for nss + +* Sat Aug 29 2009 Elio Maldonado - 3.12.3.99.3-26 +- Ensure versions in the requires match those used when creating nss.pc + +* Fri Aug 28 2009 Elio Maldonado - 3.12.3.99.3-25 +- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn +- Add a temprary hack to nss.pc.in to unblock builds + +* Fri Aug 28 2009 Warren Togami - 3.12.3.99.3-24 +- caolan's nss.pc patch + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-23 +- Bump the release number for a chained build of nss-util, nss-softokn and nss + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-22 +- Fix nss-config not to include nssutil +- Add BuildRequires on nss-softokn and nss-util since build also runs the test suite + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-21 +- disabling all tests while we investigate a buffer overflow bug + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-20 +- disabling some tests while we investigate a buffer overflow bug - 519766 + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-19 +- remove patches that are now in nss-softokn and +- remove spurious exec-permissions for nss.pc per rpmlint +- single requires line in nss.pc.in + +* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-18 +- Fix BuildRequires: nss-softokn-devel release number + +* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-16 +- cleanups for softokn + +* Tue Aug 25 2009 Dennis Gilmore - 3.12.3.99.3-15 +- remove the softokn subpackages + +* Mon Aug 24 2009 Dennis Gilmore - 3.12.3.99.3-14 +- don install the nss-util pkgconfig bits + +* Mon Aug 24 2009 Dennis Gilmore - 3.12.3.99.3-13 +- remove from -devel the 3 headers that ship in nss-util-devel + +* Mon Aug 24 2009 Dennis Gilmore - 3.12.3.99.3-12 +- kill off the nss-util nss-util-devel subpackages + +* Sun Aug 23 2009 Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11 +- split off nss-softokn and nss-util as subpackages with their own rpms +- first phase of splitting nss-softokn and nss-util as their own packages + +* Thu Aug 20 2009 Elio Maldonado - 3.12.3.99.3-10 +- must install libnssutil3.since nss-util is untagged at the moment +- preserve time stamps when installing various files + +* Thu Aug 20 2009 Dennis Gilmore - 3.12.3.99.3-9 +- dont install libnssutil3.so since its now in nss-util + +* Thu Aug 06 2009 Elio Maldonado - 3.12.3.99.3-7.1 +- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild + +* Sat Jul 25 2009 Fedora Release Engineering - 3.12.3.99.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 22 2009 Elio Maldonado - 3.12.3.99.3-6 +- removed two patch files which are no longer needed and fixed previous change log number +* Mon Jun 22 2009 Elio Maldonado - 3.12.3.99.3-5 +- updated pem module incorporates various patches +- fix off-by-one error when computing size to reduce memory leak. (483855) +- fix data type to work on x86_64 systems. (429175) +- fix various memory leaks and free internal objects on module unload. (501080) +- fix to not clone internal objects in collect_objects(). (501118) +- fix to not bypass initialization if module arguments are omitted. (501058) +- fix numerous gcc warnings. (500815) +- fix to support arbitrarily long password while loading a private key. (500180) +- fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191) +* Mon Jun 08 2009 Elio Maldonado - 3.12.3.99.3-4 +- add patch for bug 502133 upstream bug 496997 +* Fri Jun 05 2009 Kai Engert - 3.12.3.99.3-3 +- rebuild with higher release number for upgrade sanity +* Fri Jun 05 2009 Kai Engert - 3.12.3.99.3-2 +- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75 +* Thu May 07 2009 Kai Engert - 3.12.3-7 +- re-enable test suite +- add patch for upstream bug 488646 and add newer paypal + certs in order to make the test suite pass +* Wed May 06 2009 Kai Engert - 3.12.3-4 +- add conflicts info in order to fix bug 499436 +* Tue Apr 14 2009 Kai Engert - 3.12.3-3 +- ship .chk files instead of running shlibsign at install time +- include .chk file in softokn-freebl subpackage +- add patch for upstream nss bug 488350 +* Tue Apr 14 2009 Kai Engert - 3.12.3-2 +- Update to NSS 3.12.3 +* Mon Apr 06 2009 Kai Engert - 3.12.2.99.3-7 +- temporarily disable the test suite because of bug 494266 +* Mon Apr 06 2009 Kai Engert - 3.12.2.99.3-6 +- fix softokn-freebl dependency for multilib (bug 494122) +* Thu Apr 02 2009 Kai Engert - 3.12.2.99.3-5 +- introduce separate nss-softokn-freebl package +* Thu Apr 02 2009 Kai Engert - 3.12.2.99.3-4 +- disable execstack when building freebl +* Tue Mar 31 2009 Kai Engert - 3.12.2.99.3-3 +- add upstream patch to fix bug 483855 +* Tue Mar 31 2009 Kai Engert - 3.12.2.99.3-2 +- build nspr-less freebl library +* Tue Mar 31 2009 Kai Engert - 3.12.2.99.3-1 +- Update to NSS_3_12_3_BETA4 + +* Wed Feb 25 2009 Fedora Release Engineering - 3.12.2.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Oct 22 2008 Kai Engert - 3.12.2.0-3 +- update to NSS_3_12_2_RC1 +- use system zlib +* Tue Sep 30 2008 Dennis Gilmore - 3.12.1.1-4 +- add sparc64 to the list of 64 bit arches + +* Wed Sep 24 2008 Kai Engert - 3.12.1.1-3 +- bug 456847, move pkgconfig requirement to devel package +* Fri Sep 05 2008 Kai Engert - 3.12.1.1-2 +- Update to NSS_3_12_1_RC2 +* Fri Aug 22 2008 Kai Engert - 3.12.1.0-2 +- NSS 3.12.1 RC1 +* Fri Aug 15 2008 Kai Engert - 3.12.0.3-7 +- fix bug bug 429175 in libpem module +* Tue Aug 05 2008 Kai Engert - 3.12.0.3-6 +- bug 456847, add Requires: pkgconfig +* Tue Jun 24 2008 Kai Engert - 3.12.0.3-3 +- nss package should own /etc/prelink.conf.d folder, rhbz#452062 +- use upstream patch to fix test suite abort +* Mon Jun 02 2008 Kai Engert - 3.12.0.3-2 +- Update to NSS_3_12_RC4 +* Mon Apr 14 2008 Kai Engert - 3.12.0.1-1 +- Update to NSS_3_12_RC2 +* Thu Mar 20 2008 Jesse Keating - 3.11.99.5-2 +- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache. +* Mon Mar 17 2008 Kai Engert - 3.11.99.5-1 +- Update to NSS_3_12_BETA3 +* Fri Feb 22 2008 Kai Engert - 3.11.99.4-1 +- NSS 3.12 Beta 2 +- Use /usr/lib{64} as devel libdir, create symbolic links. +* Sat Feb 16 2008 Kai Engert - 3.11.99.3-6 +- Apply upstream patch for bug 417664, enable test suite on pcc. +* Fri Feb 15 2008 Kai Engert - 3.11.99.3-5 +- Support concurrent runs of the test suite on a single build host. +* Thu Feb 14 2008 Kai Engert - 3.11.99.3-4 +- disable test suite on ppc +* Thu Feb 14 2008 Kai Engert - 3.11.99.3-3 +- disable test suite on ppc64 + +* Thu Feb 14 2008 Kai Engert - 3.11.99.3-2 +- Build against gcc 4.3.0, use workaround for bug 432146 +- Run the test suite after the build and abort on failures. + +* Thu Jan 24 2008 Kai Engert - 3.11.99.3-1 +* NSS 3.12 Beta 1 + +* Mon Jan 07 2008 Kai Engert - 3.11.99.2b-3 +- move .so files to /lib + +* Wed Dec 12 2007 Kai Engert - 3.11.99.2b-2 +- NSS 3.12 alpha 2b + +* Mon Dec 03 2007 Kai Engert - 3.11.99.2-2 +- upstream patches to avoid calling netstat for random data + +* Wed Nov 07 2007 Kai Engert - 3.11.99.2-1 +- NSS 3.12 alpha 2 + +* Wed Oct 10 2007 Kai Engert - 3.11.7-10 +- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist + our signed libraries and protect them from modification. + +* Thu Sep 06 2007 Rob Crittenden - 3.11.7-9 +- Fix off-by-one error in the PEM module + +* Thu Sep 06 2007 Kai Engert - 3.11.7-8 +- fix a C++ mode compilation error + +* Wed Sep 05 2007 Bob Relyea - 3.11.7-7 +- Add 3.12 ckfw and libnsspem + +* Tue Aug 28 2007 Kai Engert - 3.11.7-6 +- Updated license tag + +* Wed Jul 11 2007 Kai Engert - 3.11.7-5 +- Ensure the workaround for mozilla bug 51429 really get's built. + +* Mon Jun 18 2007 Kai Engert - 3.11.7-4 +- Better approach to ship freebl/softokn based on 3.11.5 +- Remove link time dependency on softokn + +* Sun Jun 10 2007 Kai Engert - 3.11.7-3 +- Fix unowned directories, rhbz#233890 + +* Fri Jun 01 2007 Kai Engert - 3.11.7-2 +- Update to 3.11.7, but freebl/softokn remain at 3.11.5. +- Use a workaround to avoid mozilla bug 51429. + +* Fri Mar 02 2007 Kai Engert - 3.11.5-2 +- Fix rhbz#230545, failure to enable FIPS mode +- Fix rhbz#220542, make NSS more tolerant of resets when in the + middle of prompting for a user password. + +* Sat Feb 24 2007 Kai Engert - 3.11.5-1 +- Update to 3.11.5 +- This update fixes two security vulnerabilities with SSL 2 +- Do not use -rpath link option +- Added several unsupported tools to tools package + +* Tue Jan 9 2007 Bob Relyea - 3.11.4-4 +- disable ECC, cleanout dead code + +* Tue Nov 28 2006 Kai Engert - 3.11.4-1 +- Update to 3.11.4 + +* Thu Sep 14 2006 Kai Engert - 3.11.3-2 +- Revert the attempt to require latest NSPR, as it is not yet available + in the build infrastructure. + +* Thu Sep 14 2006 Kai Engert - 3.11.3-1 +- Update to 3.11.3 + +* Thu Aug 03 2006 Kai Engert - 3.11.2-2 +- Add /etc/pki/nssdb + +* Wed Jul 12 2006 Jesse Keating - 3.11.2-1.1 +- rebuild + +* Fri Jun 30 2006 Kai Engert - 3.11.2-1 +- Update to 3.11.2 +- Enable executable bit on shared libs, also fixes debug info. + +* Wed Jun 14 2006 Kai Engert - 3.11.1-2 +- Enable Elliptic Curve Cryptography (ECC) + +* Fri May 26 2006 Kai Engert - 3.11.1-1 +- Update to 3.11.1 +- Include upstream patch to limit curves + +* Wed Feb 15 2006 Kai Engert - 3.11-4 +- add --noexecstack when compiling assembler on x86_64 + +* Fri Feb 10 2006 Jesse Keating - 3.11-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 3.11-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Thu Jan 19 2006 Ray Strode 3.11-3 +- rebuild + +* Fri Dec 16 2005 Christopher Aillon 3.11-2 +- Update file list for the devel packages + +* Thu Dec 15 2005 Christopher Aillon 3.11-1 +- Update to 3.11 + +* Thu Dec 15 2005 Christopher Aillon 3.11-0.cvs.2 +- Add patch to allow building on ppc* +- Update the pkgconfig file to Require nspr + +* Thu Dec 15 2005 Christopher Aillon 3.11-0.cvs +- Initial import into Fedora Core, based on a CVS snapshot of + the NSS_3_11_RTM tag +- Fix up the pkcs11-devel subpackage to contain the proper headers +- Build with RPM_OPT_FLAGS +- No need to have rpath of /usr/lib in the pc file + +* Thu Dec 15 2005 Kai Engert +- Adressed review comments by Wan-Teh Chang, Bob Relyea, + Christopher Aillon. + +* Sat Jul 9 2005 Rob Crittenden 3.10-1 +- Initial build