Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2023-07-06 18:28:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.23466 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Thu Jul 6 18:28:01 2023 rev:204 rq:1096951 version:3.90 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2023-06-11 19:52:54.598302104 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.23466/mozilla-nss.changes 2023-07-06 18:28:06.322936703 +0200 
@@ -1,0 +2,54 @@ +Tue Jul 4 08:20:31 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org> + +- update to NSS 3.90 + * bmo#1623338 - ride along: remove a duplicated doc page + * bmo#1623338 - remove a reference to IRC + * bmo#1831983 - clang-format lib/freebl/stubs.c + * bmo#1831983 - Add a constant time select function + * bmo#1774657 - Updating an old dbm with lots of certs with keys to + sql results in a database that is slow to access. + * bmo#1830973 - output early build errors by default + * bmo#1804505 - Update the technical constraints for KamuSM + * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates + * bmo#1790763 - Enable default UBSan Checks + * bmo#1786018 - Add explicit handling of zero length records + * bmo#1829391 - Tidy up DTLS ACK Error Handling Path + * bmo#1786018 - Refactor zero length record tests + * bmo#1829112 - Fix compiler warning via correct assert + * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp + * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths + larger than the output size of the hash function used, + or provide an indicator + * bmo#1784163 - Fix reading raw negative numbers + * bmo#1748237 - Repairing unreachable code in clang built with gyp + * bmo#1783647 - Integrate Vale Curve25519 + * bmo#1799468 - Removing unused flags for Hacl* + * bmo#1748237 - Adding a better error message + * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 + * bmo#1782980 - Fall back to the softokn when writing certificate trust + * bmo#1806010 - FIPS-104-3 requires we restart post programmatically + * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 + * bmo#1818766 - Update ACVP dockerfile for compatibility with debian + package changes + * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update + whitespace in ECCKiila files + * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf + * bmo#1822076 - fix rst warnings in nss doc + * 
bmo#1821997 - Fix incorrect pygment style + * bmo#1821292 - Change GYP directive to apply across platforms + * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag +- add nss-fix-bmo1836925.patch to fix build-errors +- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need + the workaround in FIPS mode (bsc#1200325) +- Remove nss-fips-tests-skip.patch. This is no longer needed since + we removed the code to short-circuit broken hashes and moved to + using the SLI +- Add nss-allow-slow-tests.patch, which allows a timed test to run + longer than 1s. This avoids turning slow builds into broken builds +- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for + entropy. This is disabled until we can avoid the inline assembler + in the latter's header file that relies on GNU extensions +- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency + checks + +------------------------------------------------------------------- Old: ---- nss-3.89.1.tar.gz nss-fips-tests-skip.patch nss-fips-tls-allow-md5-prf.patch New: ---- nss-3.90.tar.gz nss-allow-slow-tests.patch nss-fips-drbg-libjitter.patch nss-fips-pct-pubkeys.patch nss-fix-bmo1836925.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.558950430 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.562950454 +0200 @@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.89 +%global nss_softokn_fips_version 3.90 %define NSPR_min_version 4.35 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.89.1 +Version: 3.90 Release: 0 -%define underscore_version 3_89_1 +%define underscore_version 3_90 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries 
@@ -65,7 +65,6 @@ Patch20: nss-fips-cavs-rsa-fixes.patch Patch21: nss-fips-approved-crypto-non-ec.patch Patch22: nss-fips-zeroization.patch -Patch23: nss-fips-tls-allow-md5-prf.patch Patch24: nss-fips-use-strong-random-pool.patch Patch25: nss-fips-detect-fips-mode-fixes.patch Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch @@ -74,8 +73,11 @@ Patch38: nss-fips-stricter-dh.patch Patch40: nss-fips-180-3-csp-clearing.patch Patch41: nss-fips-pbkdf-kat-compliance.patch -Patch42: nss-fips-tests-skip.patch Patch44: nss-fips-tests-enable-fips.patch +Patch45: nss-fips-drbg-libjitter.patch +Patch46: nss-allow-slow-tests.patch +Patch47: nss-fips-pct-pubkeys.patch +Patch48: nss-fix-bmo1836925.patch %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references BuildRequires: gcc9-c++ @@ -86,6 +88,12 @@ BuildRequires: pkgconfig(nspr) >= %{NSPR_min_version} BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(zlib) +%if 0%{?sle_version} >= 150400 +BuildRequires: jitterentropy-devel +# Libjitter needs to be present before AND after the install +Requires(pre): libjitterentropy3 +Requires: libjitterentropy3 +%endif Requires: libfreebl3 >= %{nss_softokn_fips_version} Requires: libsoftokn3 >= %{nss_softokn_fips_version} Requires: mozilla-nspr >= %{NSPR_min_version} @@ -209,7 +217,6 @@ %patch20 -p1 %patch21 -p1 %patch22 -p1 -%patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 @@ -218,8 +225,14 @@ %patch38 -p1 %patch40 -p1 %patch41 -p1 -%patch42 -p1 %patch44 -p1 +# Libjitter only for SLE15 SP4+ +%if 0%{?sle_version} >= 150400 +%patch45 -p1 +%endif +%patch46 -p1 +%patch47 -p1 +%patch48 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.642950946 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.646950971 +0200 
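Review bot: The guard `%if 0%{?sle_version} >= 150400` around Patch45 and the jitterentropy BuildRequires/Requires enables the new DRBG entropy source on every build where sle_version is 150400 or newer, which reads as contradicting the changelog sentence that the patch "is disabled until we can avoid the inline assembler"; if the intent is to keep it off everywhere for now, gate it behind an explicit `%bcond_with jitterentropy` and `%if %{with jitterentropy}` so the state is visible in one place. The same condition is spelled out twice (BuildRequires block and %prep), so a comment next to the first occurrence stating when the DRBG actually uses libjitter, and that the patch also changes the link flags, would help readers of the spec. The `Requires(pre): libjitterentropy3` line already carries its own one-line justification, which is the right style for the other conditional lines too.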
@@ -10,7 +10,7 @@ +/usr/lib/libsoftokn3.chk +/usr/lib/libnssdbm3.chk libfreebl3 - provides "libfreebl3-hmac-<targettype> = <version>-%release" + provides "libfreebl3-hmac-<targettype> = <version>-%release" obsoletes "libfreebl3-hmac-<targettype> < <version>-%release" +/lib/libfreebl3.chk +/lib/libfreeblpriv3.chk ++++++ nss-3.89.1.tar.gz -> nss-3.90.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.89.1.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.23466/nss-3.90.tar.gz differ: char 5, line 1 ++++++ nss-allow-slow-tests.patch ++++++ Index: nss/tests/sdr/sdr.sh =================================================================== --- nss.orig/tests/sdr/sdr.sh +++ nss/tests/sdr/sdr.sh @@ -146,7 +146,8 @@ sdr_main() RARRAY=($dtime) TIMEARRAY=(${RARRAY[1]//./ }) echo "${TIMEARRAY[0]} seconds" - html_msg ${TIMEARRAY[0]} 0 "pwdecrypt no time regression" + # Suse 2022-10-04: Need more time for slow build servers + html_msg $(( ${TIMEARRAY[0]} >= 5 )) 0 "pwdecrypt no time regression" export NSS_MAX_MP_PBE_ITERATION_COUNT=$OLD_MAX_PBE_ITERATIONS } Index: nss/tests/dbtests/dbtests.sh =================================================================== --- nss.orig/tests/dbtests/dbtests.sh +++ nss/tests/dbtests/dbtests.sh @@ -366,7 +366,8 @@ dbtest_main() RARRAY=($dtime) TIMEARRAY=(${RARRAY[1]//./ }) echo "${TIMEARRAY[0]} seconds" - test ${TIMEARRAY[0]} -lt 2 + # Was 2, but that is too small for OBS-workers. + test ${TIMEARRAY[0]} -lt 6 ret=$? html_msg ${ret} 0 "certutil dump keys with explicit default trust flags" fi ++++++ nss-fips-180-3-csp-clearing.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.710951364 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.710951364 +0200 
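Review bot: In nss-allow-slow-tests.patch the sdr.sh check now passes `$(( ${TIMEARRAY[0]} >= 5 ))` to html_msg, so it accepts 0–4 s, while the dbtests.sh hunk accepts up to 5 s via `test ${TIMEARRAY[0]} -lt 6`; the two ceilings and their comments ("Suse 2022-10-04: Need more time…", "Was 2, but…") describe the same slow-worker problem with different numbers. Suggest a named ceiling in each script, e.g. `MAX_TEST_SECONDS=5` followed by `html_msg $(( ${TIMEARRAY[0]} >= MAX_TEST_SECONDS )) 0 "pwdecrypt no time regression"`, with a comment recording the upstream expectation (0 s and <2 s) so the relaxed bound is visible as a downstream change. Inferred from shell semantics rather than the hunk: if `${TIMEARRAY[0]}` is empty the arithmetic expansion is a syntax error and html_msg never runs, whereas the old call at least passed the empty value through to html_msg; a guard such as `: "${TIMEARRAY[0]:=0}"` before the check would keep the test recorded.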
@@ -16,7 +16,7 @@ =================================================================== --- nss.orig/lib/softoken/sftkdb.c +++ nss/lib/softoken/sftkdb.c -@@ -1506,7 +1506,7 @@ loser: +@@ -1538,7 +1538,7 @@ loser: PORT_ZFree(data, dataSize); } if (arena) { ++++++ nss-fips-approved-crypto-non-ec.patch ++++++ ++++ 662 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/mozilla-nss/nss-fips-approved-crypto-non-ec.patch ++++ and /work/SRC/openSUSE:Factory/.mozilla-nss.new.23466/nss-fips-approved-crypto-non-ec.patch ++++++ nss-fips-combined-hash-sign-dsa-ecdsa.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.754951633 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.754951633 +0200 @@ -68,7 +68,7 @@ =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -2679,7 +2679,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig +@@ -2653,7 +2653,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, @@ -77,7 +77,7 @@ { SECItem signature, digest; SECStatus rv; -@@ -2697,6 +2697,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu +@@ -2671,6 +2671,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu return rv; } @@ -100,7 +100,7 @@ static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) -@@ -2714,7 +2730,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig +@@ -2688,7 +2704,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig static SECStatus nsc_ECDSASignStub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, @@ -109,7 +109,7 @@ { SECItem signature, digest; SECStatus rv; -@@ -2732,6 +2748,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu +@@ -2706,6 +2722,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu return rv; } 
@@ -132,7 +132,7 @@ /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied -@@ -3601,6 +3633,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio +@@ -3575,6 +3607,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio info->hashOid = SEC_OID_##mmm; \ goto finish_rsa; @@ -155,7 +155,7 @@ switch (pMechanism->mechanism) { INIT_RSA_VFY_MECH(MD5) INIT_RSA_VFY_MECH(MD2) -@@ -4829,6 +4877,73 @@ loser: +@@ -4807,6 +4855,73 @@ loser: #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ @@ -229,7 +229,7 @@ /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. * -@@ -4882,8 +4997,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -4860,8 +4975,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION /* Variables used for Signature/Verification functions. */ /* Must be at least 256 bits for DSA2 digest */ @@ -238,7 +238,7 @@ CK_ULONG signature_length; if (keyType == CKK_RSA) { -@@ -5037,76 +5150,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5015,76 +5128,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION } } ++++++ nss-fips-constructor-self-tests.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.766951707 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.770951731 +0200 @@ -63,6 +63,16 @@ /*********************************************************************/ extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType); +@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPo + */ + extern int EC_GetPointSize(const ECParams *params); + ++/* Unconditionally run the integrity check. */ ++extern void BL_FIPSRepeatIntegrityCheck(void); ++ + SEC_END_PROTOS + + #endif /* _BLAPI_H_ */ Index: nss/lib/freebl/fips-selftest.inc =================================================================== --- /dev/null 
@@ -149,7 +159,7 @@ + abort(); +} + -+/* check whether FIPS moode is mandated by the kernel */ ++/* check whether FIPS mode is mandated by the kernel */ +static int +fips_isWantedProc(void) +{ @@ -247,7 +257,7 @@ + } + fips_requests += fips_isWantedEnv(); + -+ return fips_requests; ++ return fips_requests < 1 ? 0 : 1; +} + +static PRBool @@ -641,12 +651,12 @@ } /* -@@ -2251,28 +2279,104 @@ bl_startup_tests(void) +@@ -2251,19 +2279,12 @@ bl_startup_tests(void) * power on selftest failed. */ SECStatus --BL_FIPSEntryOK(PRBool freebl_only) -+BL_FIPSEntryOK(PRBool my_freebl_only) +-BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun) ++BL_FIPSEntryOK(PRBool my_freebl_only, PRBool rerun) { -#ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT @@ -660,9 +670,10 @@ bl_startup_tests(); } -#endif -+ - /* if the general self tests succeeded, we're done */ - if (self_tests_success) { + if (rerun) { + /* reset the flags */ + self_tests_freebl_ran = PR_FALSE; +@@ -2277,10 +2298,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo return SECSuccess; } /* standalone freebl can initialize */ @@ -674,6 +685,17 @@ return SECFailure; } + ++void ++BL_FIPSRepeatIntegrityCheck(void) ++{ ++ fips_state = fips_initTest("freebl", NULL, NULL); ++ ++ if (!fips_state) ++ { ++ fatal ("fips - freebl: Integrity test re-run failed - aborting."); ++ } ++} ++ +/* returns the FIPS mode we are running in or the one that we aspire to if the + * tests have not completed yet - which might happen during the crypto selftest + */ 
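Review bot: The new `BL_FIPSRepeatIntegrityCheck` at the end of this hunk overwrites the file-scope `fips_state` with the result of `fips_initTest("freebl", NULL, NULL)` and has no visible synchronization against other readers of that variable, and nothing says whether the re-run is meant to be callable once the library is already in use; add a header comment stating the contract, e.g. `/* Re-run the freebl integrity check; replaces fips_state and aborts the process on failure. */`. Its body uses a brace and call style (`if (!fips_state)` with `{` on the next line, `fatal (...)`) that differs from the clang-formatted code around it; the same applies to `fips_repeatTestSoftoken` in the later nss/lib/softoken/fips.c hunk. The earlier change `return fips_requests < 1 ? 0 : 1;` clamps a request count to a flag, so a comment that the function returns a boolean (or renaming the local) would make the intent clear.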
@@ -756,11 +778,27 @@ +} + #endif ++ Index: nss/lib/freebl/loader.c =================================================================== --- nss.orig/lib/freebl/loader.c +++ nss/lib/freebl/loader.c -@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext +@@ -95,6 +95,14 @@ BL_Init(void) + return (vector->p_BL_Init)(); + } + ++void ++BL_FIPSRepeatIntegrityCheck(void) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_BL_FIPSRepeatIntegrityCheck)(); ++} ++ + RSAPrivateKey * + RSA_NewKey(int keySizeInBits, SECItem *publicExponent) + { +@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext } PRBool @@ -774,7 +812,7 @@ } /* -@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP +@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncP * in freebl_LoadDSO) to p_BLAPI_VerifySelf. */ PRBool @@ -789,7 +827,7 @@ } /* ============== New for 3.006 =============================== */ -@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 +@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 } PRBool @@ -827,6 +865,16 @@ /* Version 3.013 came to here */ +@@ -834,6 +834,9 @@ struct FREEBLVectorStr { + + /* Add new function pointers at the end of this struct and bump + * FREEBL_VERSION at the beginning of this file. */ ++ ++ /* SUSE patch: Goes last */ ++ void (*p_BL_FIPSRepeatIntegrityCheck)(void); + }; + + typedef struct FREEBLVectorStr FREEBLVector; Index: nss/lib/freebl/manifest.mn =================================================================== --- nss.orig/lib/freebl/manifest.mn 
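Review bot: `BL_FIPSRepeatIntegrityCheck` in loader.c returns silently when the loader fails (`if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return;`), so a caller asking for an integrity re-check gets neither a check nor a failure signal, unlike the freebl-side implementation that aborts on failure and unlike what the softoken comment "These will abort if the checksum fails in FIPS mode" expects; since the function is void, either make that path fatal as well or document that a missing freebl is treated as "no check performed". The new `p_BL_FIPSRepeatIntegrityCheck` slot is appended to `FREEBLVectorStr` with a "Goes last" comment (and to the table in ldvector.c in the later nss-fips-constructor-self-tests.patch hunk), while the struct's own comment asks for a FREEBL_VERSION bump when entries are added; no bump is visible here, so a loader paired with an older libfreebl could dereference a slot the library does not provide. Consider guarding the call with the vector version/length check that other late-version entry points use (not visible in this hunk), and note in the comment why the version is intentionally left unchanged if that is the plan.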
@@ -873,12 +921,12 @@ return SECSuccess; } --static PRBool blapi_SHVerifyFile(const char *shName, PRBool self); -+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, int *err); +-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun); ++static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err); static PRBool --blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self) -+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, int *err) +-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun) ++blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun, int *err) { PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ 
@@ -888,100 +936,119 @@ if (!shName) { goto loser; } -- result = blapi_SHVerifyFile(shName, self); -+ result = blapi_SHVerifyFile(shName, self, err); +- result = blapi_SHVerifyFile(shName, self, rerun); ++ result = blapi_SHVerifyFile(shName, self, rerun, err); loser: if (shName != NULL) { -@@ -311,15 +311,15 @@ loser: +@@ -311,25 +311,25 @@ loser: } PRBool -BLAPI_SHVerify(const char *name, PRFuncPtr addr) +BLAPI_SHVerify(const char *name, PRFuncPtr addr, int *err) { -- return blapi_SHVerify(name, addr, PR_FALSE); -+ return blapi_SHVerify(name, addr, PR_FALSE, err); + PRBool rerun = PR_FALSE; + if (name && *name == BLAPI_FIPS_RERUN_FLAG) { + name++; + rerun = PR_TRUE; + } +- return blapi_SHVerify(name, addr, PR_FALSE, rerun); ++ return blapi_SHVerify(name, addr, PR_FALSE, rerun, err); } PRBool -BLAPI_SHVerifyFile(const char *shName) +BLAPI_SHVerifyFile(const char *shName, int *err) { -- return blapi_SHVerifyFile(shName, PR_FALSE); -+ return blapi_SHVerifyFile(shName, PR_FALSE, err); + PRBool rerun = PR_FALSE; + if (shName && *shName == BLAPI_FIPS_RERUN_FLAG) { + shName++; + rerun = PR_TRUE; + } +- return blapi_SHVerifyFile(shName, PR_FALSE, rerun); ++ return blapi_SHVerifyFile(shName, PR_FALSE, rerun, err); } #ifndef NSS_STRICT_INTEGRITY -@@ -421,7 +421,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD - } +@@ -432,7 +432,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD + } - static PRBool -- blapi_SHVerifyFile(const char *shName, PRBool self) -+ blapi_SHVerifyFile(const char *shName, PRBool self, int *err) - { - char *checkName = NULL; - PRFileDesc *checkFD = NULL; -@@ -462,14 +462,17 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD - /* open the check File */ - checkFD = PR_Open(checkName, PR_RDONLY, 0); - if (checkFD == NULL) { -+ if (err) { -+ *err = PORT_GetError(); -+ } + static PRBool +-blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun) ++blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err) + { + char *checkName = NULL; + PRFileDesc 
*checkFD = NULL; +@@ -446,7 +446,7 @@ blapi_SHVerifyFile(const char *shName, P + int pid = 0; + #endif + PRBool result = PR_FALSE; /* if anything goes wrong, +- * the signature does not verify */ ++ * the signature does not verify */ + NSSSignChkHeader header; + #ifndef NSS_STRICT_INTEGRITY + DSAPublicKey key; +@@ -473,14 +473,17 @@ blapi_SHVerifyFile(const char *shName, P + /* open the check File */ + checkFD = PR_Open(checkName, PR_RDONLY, 0); + if (checkFD == NULL) { ++ if (err) { ++ *err = PORT_GetError(); ++ } #ifdef DEBUG_SHVERIFY -- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n", -- checkName, (int)PR_GetError(), (int)PR_GetOSError()); -+ fprintf(stderr, "Failed to open the check file %s: (%d)\n", -+ checkName, (int)PR_GetError()); +- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n", +- checkName, (int)PR_GetError(), (int)PR_GetOSError()); ++ fprintf(stderr, "Failed to open the check file %s: (%d)\n", ++ checkName, (int)PORT_GetError()); #endif /* DEBUG_SHVERIFY */ - goto loser; - } + goto loser; + } -- /* read and Verify the headerthe header */ -+ /* read and Verify the header */ - bytesRead = PR_Read(checkFD, &header, sizeof(header)); - if (bytesRead != sizeof(header)) { - goto loser; -@@ -550,7 +553,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD - goto loser; - } +- /* read and Verify the headerthe header */ ++ /* read and Verify the header */ + bytesRead = PR_Read(checkFD, &header, sizeof(header)); + if (bytesRead != sizeof(header)) { + goto loser; +@@ -561,7 +564,7 @@ blapi_SHVerifyFile(const char *shName, P + goto loser; + } -/* open our library file */ + /* open our library file */ #ifdef FREEBL_USE_PRELINK - shFD = bl_OpenUnPrelink(shName, &pid); + shFD = bl_OpenUnPrelink(shName, &pid); #else -@@ -558,8 +561,8 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD +@@ -569,8 +572,8 @@ blapi_SHVerifyFile(const char *shName, P #endif - if (shFD == NULL) { + if (shFD == NULL) { #ifdef DEBUG_SHVERIFY -- fprintf(stderr, "Failed to open 
the library file %s: (%d, %d)\n", -- shName, (int)PR_GetError(), (int)PR_GetOSError()); -+ fprintf(stderr, "Failed to open the library file %s: (%d)\n", -+ shName, (int)PR_GetError()); +- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n", +- shName, (int)PR_GetError(), (int)PR_GetOSError()); ++ fprintf(stderr, "Failed to open the library file %s: (%d)\n", ++ shName, (int)PORT_GetError()); #endif /* DEBUG_SHVERIFY */ - goto loser; - } -@@ -620,7 +623,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD - } - - PRBool -- BLAPI_VerifySelf(const char *name) -+ BLAPI_VerifySelf(const char *name, int *err) - { - if (name == NULL) { - /* -@@ -629,7 +632,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD - */ - return PR_TRUE; - } -- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE); -+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, err); + goto loser; + } +@@ -631,7 +634,7 @@ loser: + } + + PRBool +-BLAPI_VerifySelf(const char *name) ++BLAPI_VerifySelf(const char *name, int *err) + { + if (name == NULL) { + /* +@@ -640,7 +643,7 @@ BLAPI_VerifySelf(const char *name) + */ + return PR_TRUE; } +- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE); ++ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE, err); + } #else /* NSS_FIPS_DISABLED */ -@@ -645,7 +648,7 @@ BLAPI_SHVerify(const char *name, PRFuncP +@@ -656,7 +659,7 @@ BLAPI_SHVerify(const char *name, PRFuncP return PR_FALSE; } PRBool @@ -994,7 +1061,7 @@ =================================================================== --- /dev/null +++ nss/lib/softoken/fips.c -@@ -0,0 +1,40 @@ +@@ -0,0 +1,50 @@ +#include "../freebl/fips-selftest.inc" + +#include "fips.h" @@ -1007,7 +1074,7 @@ +static fips_check_status +fips_checkCryptoSoftoken(void) +{ -+ if (CKR_OK == sftk_FIPSEntryOK()) { ++ if (CKR_OK == sftk_FIPSEntryOK(PR_FALSE)) { + return CHECK_OK; + } else { + return CHECK_FAIL_CRYPTO; 
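Review bot: The new `int *err` out-parameter of `blapi_SHVerifyFile` is written only on the check-file `PR_Open` failure path (`*err = PORT_GetError();`); the other `goto loser` paths in the hunk — the short header read and the library open failure in the `shFD == NULL` branch — leave `*err` untouched, so a caller that reads `*err` after a PR_FALSE return sees whatever it held before. Either set it on every failure path or initialize it at entry with `if (err) { *err = 0; }` and document in the prototype comment that zero means "verification failed without an OS error". `BLAPI_SHVerify`, `BLAPI_SHVerifyFile` and `BLAPI_VerifySelf` only forward `err`, so the same convention should be stated on their declarations. The remainder of blapi_SHVerifyFile lies outside this hunk and may contain further failure paths.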
@@ -1035,18 +1102,33 @@ + + return; +} ++ ++void ++fips_repeatTestSoftoken(void) ++{ ++ fips_initTestSoftoken(); ++ if (!fips_state) ++ { ++ fatal ("fips - softokn: Integrity test re-run failed - aborting."); ++ } ++} Index: nss/lib/softoken/fips.h =================================================================== --- /dev/null +++ nss/lib/softoken/fips.h -@@ -0,0 +1,10 @@ +@@ -0,0 +1,15 @@ +#ifndef FIPS_H +#define FIPS_H + ++#include "prtypes.h" +#include "softoken.h" + -+CK_RV FIPS_cryptoSelftestSoftoken(void); ++SEC_BEGIN_PROTOS ++ +CK_RV sftk_fipsPowerUpSelfTest(void); ++extern void sftk_FIPSRepeatIntegrityCheck(void); ++ ++SEC_END_PROTOS + +#endif + @@ -1382,15 +1464,15 @@ static PRBool sftk_self_tests_ran = PR_FALSE; static PRBool sftk_self_tests_success = PR_FALSE; -@@ -694,7 +1015,6 @@ static void - sftk_startup_tests(void) +@@ -694,7 +1015,6 @@ void + sftk_startup_tests_with_rerun(PRBool rerun) { SECStatus rv; -- const char *libraryName = SOFTOKEN_LIB_NAME; +- const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME; PORT_Assert(!sftk_self_tests_ran); PORT_Assert(!sftk_self_tests_success); -@@ -706,6 +1026,7 @@ sftk_startup_tests(void) +@@ -706,6 +1026,7 @@ sftk_startup_tests_with_rerun(PRBool rer if (rv != SECSuccess) { return; } @@ -1398,7 +1480,7 @@ /* make sure freebl is initialized, or our RSA check * may fail. This is normally done at freebl load time, but it's * possible we may have shut freebl down without unloading it. */ -@@ -723,12 +1044,21 @@ sftk_startup_tests(void) +@@ -723,12 +1044,21 @@ sftk_startup_tests_with_rerun(PRBool rer if (rv != SECSuccess) { return; } 
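Review bot: fips.h drops the `CK_RV FIPS_cryptoSelftestSoftoken(void);` prototype while adding `extern void sftk_FIPSRepeatIntegrityCheck(void);`, and whether a definition or caller of FIPS_cryptoSelftestSoftoken still exists elsewhere is not visible in this hunk, so confirm it is gone before removing the declaration. `fips_repeatTestSoftoken` reads the file-scope `fips_state` after `fips_initTestSoftoken()` returns and has no comment; add `/* Re-run the softoken integrity test; aborts the process if it fails. */` so the side effect on fips_state and the abort are documented. The renamed `sftk_startup_tests_with_rerun(PRBool rerun)` drops the `libraryName` local here but the rest of that function is outside the hunk, so it is not possible to tell from here whether the rerun flag is still threaded through to the library-name lookup.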
@@ -1424,9 +1506,9 @@ rv = sftk_fips_IKE_PowerUpSelfTests(); if (rv != SECSuccess) { return; -@@ -760,17 +1090,11 @@ sftk_startup_tests(void) +@@ -766,17 +1096,10 @@ sftk_startup_tests(void) CK_RV - sftk_FIPSEntryOK() + sftk_FIPSEntryOK(PRBool rerun) { -#ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT @@ -1440,10 +1522,27 @@ sftk_startup_tests(); } -#endif -+ - if (!sftk_self_tests_success) { - return CKR_DEVICE_ERROR; + if (rerun) { + sftk_self_tests_ran = PR_FALSE; + sftk_self_tests_success = PR_FALSE; +@@ -787,6 +1110,17 @@ sftk_FIPSEntryOK(PRBool rerun) } + return CKR_OK; + } ++ ++void fips_repeatTestSoftoken(void); ++ ++void ++sftk_FIPSRepeatIntegrityCheck() ++{ ++ /* These will abort if the checksum fails in FIPS mode */ ++ BL_FIPSRepeatIntegrityCheck(); ++ fips_repeatTestSoftoken(); ++} ++ + #else + #include "pkcs11t.h" + CK_RV Index: nss/lib/softoken/legacydb/fips.c =================================================================== --- /dev/null @@ -1521,14 +1620,14 @@ =================================================================== --- nss.orig/lib/softoken/manifest.mn +++ nss/lib/softoken/manifest.mn -@@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \ - softkver.h \ - sdb.h \ - sftkdbt.h \ +@@ -22,6 +22,7 @@ endif + EXPORTS = \ + lowkeyi.h \ + lowkeyti.h \ + fips.h \ $(NULL) - CSRCS = \ + PRIVATE_EXPORTS = \ @@ -55,6 +56,7 @@ CSRCS = \ softkver.c \ tlsprf.c \ 
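Review bot: `sftk_FIPSRepeatIntegrityCheck()` is defined with an empty parameter list while fips.h declares it as `(void)`; in C an empty list is an unprototyped declaration, so write the definition as `sftk_FIPSRepeatIntegrityCheck(void)`. The forward declaration `void fips_repeatTestSoftoken(void);` is placed ad hoc in the .c file directly above the new function rather than in fips.h beside the other FIPS prototypes. In the manifest.mn hunk fips.h moves from PRIVATE_EXPORTS to EXPORTS, which appears to make it an installed public header, yet it still includes the private "softoken.h"; if only `sftk_FIPSRepeatIntegrityCheck` needs to be visible to consumers, a comment explaining the include or a separate minimal header would avoid exposing the private one.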
@@ -1537,4 +1636,48 @@ $(NULL) ifndef NSS_DISABLE_DBM +Index: nss/lib/softoken/softoken.h +=================================================================== +--- nss.orig/lib/softoken/softoken.h ++++ nss/lib/softoken/softoken.h +@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLAr + /* make sure Power-up selftests have been run. */ + extern CK_RV sftk_FIPSEntryOK(PRBool rerun); + ++/* Unconditionally run the crypto self-tests. */ ++extern PRBool sftk_FIPSRunTests(); ++ + /* + ** make known fixed PKCS #11 key types to their sizes in bytes + */ +Index: nss/lib/freebl/ldvector.c +=================================================================== +--- nss.orig/lib/freebl/ldvector.c ++++ nss/lib/freebl/ldvector.c +@@ -375,9 +375,12 @@ static const struct FREEBLVectorStr vect + /* End of version 3.024 */ + ChaCha20_InitContext, + ChaCha20_CreateContext, +- ChaCha20_DestroyContext ++ ChaCha20_DestroyContext, + + /* End of version 3.025 */ ++ ++ /* SUSE patch: Goes last */ ++ BL_FIPSRepeatIntegrityCheck + }; + + const FREEBLVector* +Index: nss/lib/softoken/softokn.def +=================================================================== +--- nss.orig/lib/softoken/softokn.def ++++ nss/lib/softoken/softokn.def +@@ -34,6 +34,7 @@ NSC_GetInterfaceList; + C_GetInterface; + FC_GetInterface; + NSC_GetInterface; ++sftk_FIPSRepeatIntegrityCheck; + ;+ local: + ;+ *; + ;+}; ++++++ nss-fips-detect-fips-mode-fixes.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.782951806 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.782951806 +0200 @@ -12,7 +12,7 @@ =================================================================== --- nss.orig/lib/freebl/nsslowhash.c +++ nss/lib/freebl/nsslowhash.c -@@ -2,6 +2,9 @@ +@@ -2,9 +2,13 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 
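Review bot: `extern PRBool sftk_FIPSRunTests();` is added to softoken.h with an empty parameter list and a comment saying it unconditionally runs the crypto self-tests, but no definition of that name appears in the visible parts of this patch — the function actually defined and exported in the same hunk is `sftk_FIPSRepeatIntegrityCheck`; either add the definition or drop the stray prototype, and in any case declare it as `(void)`. The softokn.def change exports `sftk_FIPSRepeatIntegrityCheck;` next to the PKCS#11 entry points; a `;` comment line noting that it is a SUSE FIPS addition rather than part of the PKCS#11 interface would help future rebases. The ldvector.c entry after "End of version 3.025" is the counterpart of the loader-side slot discussed at the loader.c hunk.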
@@ -22,7 +22,11 @@ #ifdef FREEBL_NO_DEPEND #include "stubs.h" #endif -@@ -25,6 +28,23 @@ struct NSSLOWHASHContextStr { ++ + #include "prtypes.h" + #include "prenv.h" + #include "secerr.h" +@@ -25,6 +29,23 @@ struct NSSLOWHASHContextStr { }; #ifndef NSS_FIPS_DISABLED @@ -46,7 +50,7 @@ static int nsslow_GetFIPSEnabled(void) { -@@ -52,6 +72,7 @@ nsslow_GetFIPSEnabled(void) +@@ -52,6 +73,7 @@ nsslow_GetFIPSEnabled(void) #endif /* LINUX */ return 1; } @@ -54,13 +58,13 @@ #endif /* NSS_FIPS_DISABLED */ static NSSLOWInitContext dummyContext = { 0 }; -@@ -67,7 +88,7 @@ NSSLOW_Init(void) +@@ -67,7 +89,7 @@ NSSLOW_Init(void) #ifndef NSS_FIPS_DISABLED /* make sure the FIPS product is installed if we are trying to * go into FIPS mode */ - if (nsslow_GetFIPSEnabled()) { + if (nsslow_GetFIPSEnabled() || getFIPSEnv()) { - if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) { + if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); post_failed = PR_TRUE; Index: nss/lib/sysinit/nsssysinit.c ++++++ nss-fips-drbg-libjitter.patch ++++++ Index: nss/coreconf/Linux.mk =================================================================== --- nss.orig/coreconf/Linux.mk +++ nss/coreconf/Linux.mk @@ -136,7 +136,7 @@ OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLA ifeq ($(KERNEL),Linux) OS_CFLAGS += -DLINUX -Dlinux endif -OS_LIBS = $(OS_PTHREAD) -ldl -lc +OS_LIBS = $(OS_PTHREAD) -ldl -lc -ljitterentropy ifeq ($(OS_TARGET),Android) OS_LIBS += -llog Index: nss/lib/freebl/drbg.c =================================================================== --- nss.orig/lib/freebl/drbg.c +++ nss/lib/freebl/drbg.c @@ -6,6 +6,8 @@ #include "stubs.h" #endif +#include <jitterentropy.h> + #include <unistd.h> #include "prerror.h" 
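Review bot: In nss-fips-drbg-libjitter.patch the `-ljitterentropy` flag is appended to `OS_LIBS` in coreconf/Linux.mk, which, if OS_LIBS is applied to every shared object built from the tree as its name suggests, links all NSS libraries against libjitterentropy although only lib/freebl/drbg.c calls into it; restricting the dependency to freebl's own link line would leave the other libraries' dependency sets unchanged. A comment on that line naming the consumer, `# libjitterentropy: used by lib/freebl/drbg.c for FIPS DRBG seeding`, would also help whoever rebases the patch. `#include <jitterentropy.h>` in drbg.c is unconditional, so the patched tree only builds where the header is installed; that matches the spec applying Patch45 conditionally, and is worth stating in the patch header.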
@@ -107,6 +109,45 @@ typedef struct RNGContextStr RNGContext; static RNGContext *globalrng = NULL; static RNGContext theGlobalRng; +/* Jitterentropy */ +#define JITTER_FLAGS JENT_FORCE_FIPS +static struct rand_data *jitter; + +static ssize_t +FIPS_jent_get_entropy (void *dest, ssize_t len) +{ + int result = -1; + + /* Ensure that the jitterentropy generator is initialized */ + + if (!jitter) + { + if (jent_entropy_init_ex (1, JITTER_FLAGS)) + goto out; + + jitter = jent_entropy_collector_alloc (1, JITTER_FLAGS); + if (!jitter) + goto out; + } + + /* Get some entropy */ + + result = jent_read_entropy_safe (&jitter, dest, len); + +out: + return result; +} + +static void +FIPS_jent_deinit (void) +{ + if (jitter) + { + jent_entropy_collector_free (jitter); + jitter = NULL; + } +} + /* * The next several functions are derived from the NIST SP 800-90 * spec. In these functions, an attempt was made to use names consistent @@ -180,7 +221,7 @@ static PRCallOnceType coRNGInitEntropy; static PRStatus prng_initEntropy(void) { - size_t length; + ssize_t length; PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE]; SHA256Context ctx; @@ -203,8 +244,8 @@ prng_initEntropy(void) /* For FIPS 140-2 4.9.2 continuous random number generator test, * fetch the initial entropy from the system RNG and keep it for * later comparison. */ - length = RNG_SystemRNG(block, sizeof(block)); - if (length == 0) { + length = FIPS_jent_get_entropy(block, sizeof(block)); + if (length < 1) { coRNGInitEntropy.status = PR_FAILURE; __sync_synchronize (); coRNGInitEntropy.initialized = 1; @@ -244,8 +285,8 @@ prng_getEntropy(PRUint8 *buffer, size_t * iteratively fetch fixed sized blocks from the system and * compare consecutive blocks. */ while (total < requestLength) { - size_t length = RNG_SystemRNG(block, sizeof(block)); - if (length == 0) { + ssize_t length = FIPS_jent_get_entropy(block, sizeof(block)); + if (length < 1) { rv = SECFailure; /* error is already set */ goto out; } 
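Review bot: `FIPS_jent_get_entropy` replaces `RNG_SystemRNG` as the sole entropy source in both `prng_initEntropy` and `prng_getEntropy`, so the DRBG no longer takes any input from the kernel RNG; if jitter collection is weak on a given machine or `jent_read_entropy_safe` fails, there is no second source, whereas feeding a system block into the SHA-256 context already used by these functions alongside the jitter block would keep the previous source as a floor. The lazily initialised static `jitter` collector is allocated and read with no lock visible in this hunk; `prng_initEntropy` runs under PR_CallOnce, but whether every `prng_getEntropy` caller holds the RNG lock cannot be confirmed from here, so either state that assumption above the static (`/* assumes callers hold the global RNG lock — confirm */`) or guard it. `len` is `ssize_t` while `jent_read_entropy_safe` takes a size_t, so a negative `len` converts to a huge request; take `size_t` or add `if (len < 0) goto out;` at entry. A comment that `jent_entropy_init_ex` re-runs the library's start-up self-test on every fresh allocation after `FIPS_jent_deinit` would explain the cost of RNG re-initialisation.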
@@ -792,6 +833,7 @@ RNG_RNGShutdown(void) /* clear */ prng_freeRNGContext(globalrng); globalrng = NULL; + FIPS_jent_deinit (); /* reset the callonce struct to allow a new call to RNG_RNGInit() */ coRNGInit = pristineCallOnce; } ++++++ nss-fips-pairwise-consistency-check.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.810951977 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.814952002 +0200 @@ -14,7 +14,7 @@ =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -4826,8 +4826,8 @@ loser: +@@ -4800,8 +4800,8 @@ loser: return crv; } @@ -25,7 +25,7 @@ /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. -@@ -5775,6 +5775,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5749,6 +5749,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS (PRUint32)crv); sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg); } ++++++ nss-fips-pbkdf-kat-compliance.patch ++++++ --- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.826952075 +0200 +++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.830952100 +0200 @@ -1,6 +1,6 @@ -diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c -index fae9e18..1c55642 100644 ---- nss/lib/softoken/lowpbe.c +Index: nss/lib/softoken/lowpbe.c +=================================================================== +--- nss.orig/lib/softoken/lowpbe.c +++ nss/lib/softoken/lowpbe.c @@ -1756,7 +1756,7 @@ loser: return ret_algid; @@ -11,7 +11,7 @@ SECStatus sftk_fips_pbkdf_PowerUpSelfTests(void) { -@@ -1766,16 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) +@@ -1766,16 +1766,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) unsigned char iteration_count = 5; unsigned char keyLen = 64; char *inKeyData = TEST_KEY; 
@@ -22,6 +22,7 @@
 +        0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B,
 +        0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22
 +    };
++
      static const unsigned char pbkdf_known_answer[] = {
 -        0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29,
 -        0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c,
@@ -42,7 +43,7 @@
      };
  
      sftk_PBELockInit();
-@@ -1804,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
+@@ -1804,11 +1810,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
       * for NSSPKCS5_PBKDF2 */
      pbe_params.iter = iteration_count;
      pbe_params.keyLen = keyLen;
++++++ nss-fips-pct-pubkeys.patch ++++++
# HG changeset patch
# Parent 5786c2bb5c229b530e95e435ee0cf51314359e7b
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -17,6 +17,7 @@
  * In this implementation, session objects are only visible to the session
  * that created or generated them.
  */
+#include "lowkeyti.h"
 #include "seccomon.h"
 #include "secitem.h"
 #include "secport.h"
@@ -4922,6 +4923,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
     return crv;
 }
 
+/* This function regenerates a public key from a private key
+ * (not simply returning the saved public key) and compares it
+ * to the given publicKey
+ */
+static CK_RV
+regeneratePublicKeyFromPrivateKeyAndCompare(NSSLOWKEYPrivateKey *currPrivKey,
+                                            NSSLOWKEYPublicKey *currPubKey)
+{
+    NSSLOWKEYPublicKey *pubk;
+    SECItem publicValue;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return CKR_HOST_MEMORY;
+    }
+
+    switch (currPrivKey->keyType) {
+        case NSSLOWKEYDHKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                         sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = currPrivKey->keyType;
+
+                // Regenerate the publicValue
+                rv = DH_Derive(&currPrivKey->u.dh.base, &currPrivKey->u.dh.prime,
+                               &currPrivKey->u.dh.privateValue, &publicValue, 0);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
+                                      &publicValue);
+                SECITEM_ZfreeItem(&publicValue, PR_FALSE);
+                if (rv != SECSuccess) {
+                    break;
+                }
+
+                if (SECITEM_CompareItem(&pubk->u.dh.publicValue, &currPubKey->u.dh.publicValue) != SECEqual) {
+                    nsslowkey_DestroyPublicKey(pubk);
+                    return CKR_GENERAL_ERROR;
+                }
+                nsslowkey_DestroyPublicKey(pubk);
+                return CKR_OK;
+            }
+            break;
+        case NSSLOWKEYECKey:
+        {
+            ECPrivateKey *privk = NULL;
+            SECStatus rv;
+
+            /* The "seed" is an octet stream corresponding to our private key.
+             * The new public key is derived from this + the parameters and
+             * stored in the new private key's publicValue. */
+            rv = EC_NewKeyFromSeed (&currPrivKey->u.ec.ecParams,
+                                    &privk,
+                                    currPrivKey->u.ec.privateValue.data,
+                                    currPrivKey->u.ec.privateValue.len);
+            if (rv != SECSuccess)
+                break;
+
+            /* Verify that the passed-in public value is equal to the one derived */
+            if (SECITEM_CompareItem (&privk->publicValue, &currPubKey->u.ec.publicValue) != SECEqual) {
+                PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+                return CKR_GENERAL_ERROR;
+            }
+
+            PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+            return CKR_OK;
+        }
+        break;
+        default:
+            break;
+    }
+
+    PORT_FreeArena(arena, PR_TRUE);
+    return CKR_GENERAL_ERROR;
+}
+
 /*
  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
  *
@@ -5268,6 +5351,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
         }
     }
 
+    // Regenerate the publicKey from the privateKey and compare it to the
+    // original publicKey
+    if (keyType == CKK_DH || keyType == CKK_EC) {
+        NSSLOWKEYPrivateKey *currPrivKey = sftk_GetPrivKey(privateKey, CKK_DH, &crv);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+        if (!currPrivKey) {
+            return CKR_DEVICE_ERROR;
+        }
+
+        NSSLOWKEYPublicKey *currPubKey = sftk_GetPubKey(publicKey, CKK_DH, &crv);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+        if (!currPubKey) {
+            return CKR_DEVICE_ERROR;
+        }
+
+        crv = regeneratePublicKeyFromPrivateKeyAndCompare(currPrivKey, currPubKey);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+    }
     return CKR_OK;
 }
 
++++++ nss-fips-rsa-keygen-strictness.patch ++++++
--- /var/tmp/diff_new_pack.Movh7t/_old 2023-07-06 18:28:08.854952248 +0200
+++ /var/tmp/diff_new_pack.Movh7t/_new 2023-07-06 18:28:08.858952272 +0200
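Review bot: The `NSSLOWKEYECKey` branch of `regeneratePublicKeyFromPrivateKeyAndCompare` returns `CKR_OK` or `CKR_GENERAL_ERROR` without releasing the `arena` allocated at the top of the function, so every EC pairwise check leaks one arena; only the `break` paths reach the trailing `PORT_FreeArena(arena, PR_TRUE)`, and the DH branch hands the arena to `pubk`, which `nsslowkey_DestroyPublicKey` presumably releases. Either move the `PORT_NewArena` call into the `NSSLOWKEYDHKey` case, where it is the only user, or add `PORT_FreeArena(arena, PR_TRUE);` before both EC `return` statements. A failed `PORT_ArenaZAlloc` in the DH case also falls through to `CKR_GENERAL_ERROR` rather than `CKR_HOST_MEMORY`, which hides the real cause from the caller.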
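Review bot: `sftk_GetPrivKey(privateKey, CKK_DH, &crv)` and `sftk_GetPubKey(publicKey, CKK_DH, &crv)` hard-code `CKK_DH` although the enclosing guard admits `keyType == CKK_EC`; pass `keyType` to both calls so an EC key pair is not requested as a DH key. If the low-level key is not already cached on the object, the DH lookup would presumably build the wrong key or fail, and a wrongly typed key would be rejected by the helper's `default:` case, turning a valid EC pair into a pairwise-check failure. `sftk_PairwiseConsistencyCheck` starts outside the hunk, so the surrounding `#ifndef` guards and where `keyType` comes from are not visible here.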
@@ -8,10 +8,10 @@
 Author: Hans Petter Jansson <h...@cl.no>
 Patch 16: nss-fips-rsa-keygen-strictness.patch
 
-diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
-index b757150..41d08b1 100644
---- a/lib/freebl/mpi/mpprime.c
-+++ b/lib/freebl/mpi/mpprime.c
+Index: nss/lib/freebl/mpi/mpprime.c
+===================================================================
+--- nss.orig/lib/freebl/mpi/mpprime.c
++++ nss/lib/freebl/mpi/mpprime.c
 @@ -14,6 +14,8 @@
  #include <stdlib.h>
  #include <string.h>
@@ -21,7 +21,7 @@
  #define SMALL_TABLE 0 /* determines size of hard-wired prime table */
  
  #define RANDOM() rand()
-@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start, mp_size nBits, mp_size strong, mpp_rand
+@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start,
      } else
          num_tests = 50;
  
@@ -47,10 +47,10 @@
      if (strong)
          --nBits;
      MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
-diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
-index 2b8a3bf..8d40d11 100644
---- a/lib/freebl/rsa.c
-+++ b/lib/freebl/rsa.c
+Index: nss/lib/freebl/rsa.c
+===================================================================
+--- nss.orig/lib/freebl/rsa.c
++++ nss/lib/freebl/rsa.c
 @@ -16,11 +16,13 @@
  #include "prinit.h"
  #include "blapi.h"
@@ -65,7 +65,7 @@
  
  /* The minimal required randomness is 64 bits */
  /* EXP_BLINDING_RANDOMNESS_LEN is the length of the randomness in mp_digits */
-@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q,
+@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, c
          err = mp_invmod(d, &phi, e);
      } else {
          err = mp_invmod(e, &phi, d);
@@ -92,7 +92,7 @@
      if (err != MP_OKAY) {
          if (err == MP_UNDEF) {
              PORT_SetError(SEC_ERROR_NEED_RANDOM);
-@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
      mp_int q = { 0, 0, 0, NULL };
      mp_int e = { 0, 0, 0, NULL };
      mp_int d = { 0, 0, 0, NULL };
@@ -106,7 +106,7 @@
      int prerr = 0;
      RSAPrivateKey *key = NULL;
      PLArenaPool *arena = NULL;
-@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
          PORT_SetError(SEC_ERROR_INVALID_ARGS);
          goto cleanup;
      }
@@ -151,7 +151,7 @@
      }
  #endif
  
-@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
      key->arena = arena;
      /* length of primes p and q (in bytes) */
      primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
@@ -165,7 +165,7 @@
      /* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
      SECITEM_AllocItem(arena, &key->version, 1);
      key->version.data[0] = 0;
-@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
      PORT_SetError(0);
      CHECK_SEC_OK(generate_prime(&p, primeLen));
      CHECK_SEC_OK(generate_prime(&q, primeLen));
++++++ nss-fix-bmo1836925.patch ++++++
Index: nss/lib/freebl/Makefile
===================================================================
--- nss.orig/lib/freebl/Makefile
+++ nss/lib/freebl/Makefile
@@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null
         HAVE_INT128_SUPPORT = 1
         DEFINES += -DHAVE_INT128_SUPPORT
     else ifeq (1,$(CC_IS_GCC))
-        SUPPORTS_VALE_CURVE25519 = 1
         ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
@@ -593,11 +592,6 @@ ifndef HAVE_INT128_SUPPORT
     DEFINES += -DKRML_VERIFIED_UINT128
 endif
 
-ifdef SUPPORTS_VALE_CURVE25519
-    VERIFIED_SRCS += Hacl_Curve25519_64.c
-    DEFINES += -DHACL_CAN_COMPILE_INLINE_ASM
-endif
-
 ifndef NSS_DISABLE_CHACHAPOLY
 ifeq ($(CPU_ARCH),x86_64)
 ifndef NSS_DISABLE_AVX2
Index: nss/lib/freebl/freebl.gyp
===================================================================
--- nss.orig/lib/freebl/freebl.gyp
+++ nss/lib/freebl/freebl.gyp
@@ -866,12 +866,6 @@
       }],
     ],
   }],
-  [ 'supports_vale_curve25519==1', {
-    'defines': [
-      # The Makefile does version-tests on GCC, but we're not doing that here.
-      'HACL_CAN_COMPILE_INLINE_ASM',
-    ],
-  }],
   [ 'OS=="linux" or OS=="android"', {
     'conditions': [
       [ 'target_arch=="x64"', {
@@ -934,11 +928,6 @@
   'variables': {
     'module': 'nss',
     'conditions': [
-      [ 'target_arch=="x64" and cc_is_gcc==1', {
-        'supports_vale_curve25519%': 1,
-      }, {
-        'supports_vale_curve25519%': 0,
-      }],
       [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
         'have_int128_support%': 1,
       }, {
Index: nss/lib/freebl/freebl_base.gypi
===================================================================
--- nss.orig/lib/freebl/freebl_base.gypi
+++ nss/lib/freebl/freebl_base.gypi
@@ -151,11 +151,6 @@
         'ecl/curve25519_32.c',
       ],
     }],
-    ['supports_vale_curve25519==1', {
-      'sources': [
-        'verified/Hacl_Curve25519_64.c',
-      ],
-    }],
     ['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', {
       'sources': [
         # Gyp does not support per-file cflags, so working around like this.