import nss-3.53.1-17.el8_3

This commit is contained in:
CentOS Sources 2021-02-16 02:39:52 -05:00 committed by Stepan Oksanichenko
parent 523619f371
commit 02c51bd6bb
15 changed files with 34964 additions and 1 deletions

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
SOURCES/PayPalEE.cert
SOURCES/blank-cert8.db SOURCES/blank-cert8.db
SOURCES/blank-cert9.db SOURCES/blank-cert9.db
SOURCES/blank-key3.db SOURCES/blank-key3.db

View File

@ -1,3 +1,4 @@
bc5c03643bfa1a5ea8519b8e7e2d7d5e30abea30 SOURCES/PayPalEE.cert
d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db
b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db

View File

@ -0,0 +1,74 @@
# HG changeset patch
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
# Date 1595031218 0
# Node ID c25adfdfab34ddb08d3262aac3242e3399de1095
# Parent f282556e6cc7715f5754aeaadda6f902590e7e38
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D74801
diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
--- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -40,28 +40,35 @@ class Pkcs11ChaCha20Poly1305Test
aead_params.ulNonceLen = iv_len;
aead_params.pAAD = toUcharPtr(aad);
aead_params.ulAADLen = aad_len;
aead_params.ulTagLen = 16;
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
sizeof(aead_params)};
- // Encrypt with bad parameters.
+ // Encrypt with bad parameters (TagLen is too long).
unsigned int encrypted_len = 0;
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
aead_params.ulTagLen = 158072;
SECStatus rv =
PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
&encrypted_len, encrypted.size(), data, data_len);
EXPECT_EQ(SECFailure, rv);
EXPECT_EQ(0U, encrypted_len);
- aead_params.ulTagLen = 16;
+
+ // Encrypt with bad parameters (TagLen is too short).
+ aead_params.ulTagLen = 2;
+ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
// Encrypt.
+ aead_params.ulTagLen = 16;
rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
&encrypted_len, encrypted.size(), data, data_len);
// Return if encryption failure was expected due to invalid IV.
// Without valid ciphertext, all further tests can be skipped.
if (invalid_iv) {
EXPECT_EQ(rv, SECFailure);
EXPECT_EQ(0U, encrypted_len)
diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
--- a/lib/freebl/chacha20poly1305.c
+++ b/lib/freebl/chacha20poly1305.c
@@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol
{
#ifdef NSS_DISABLE_CHACHAPOLY
return SECFailure;
#else
if (keyLen != 32) {
PORT_SetError(SEC_ERROR_BAD_KEY);
return SECFailure;
}
- if (tagLen == 0 || tagLen > 16) {
+ if (tagLen != 16) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
}
PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
ctx->tagLen = tagLen;
return SECSuccess;

View File

@ -0,0 +1,96 @@
# HG changeset patch
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
# Date 1595031194 0
# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Depends on D74801
Differential Revision: https://phabricator.services.mozilla.com/D83994
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
PK11_FreeSymKey(key);
PK11_FreeSlot(slot);
PK11_DestroyContext(ctx, PR_TRUE);
NSS_ShutdownContext(globalctx);
}
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+ PK11SlotInfo* slot;
+ PK11SymKey* key;
+ PK11Context* ctx;
+
+ NSSInitContext* globalctx =
+ NSS_InitContext("", "", "", "", NULL,
+ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+ slot = PK11_GetInternalSlot();
+ ASSERT_TRUE(slot);
+
+ // Use arbitrary bytes for the ChaCha20 key and IV
+ uint8_t key_bytes[32];
+ for (size_t i = 0; i < 32; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem keyItem = {siBuffer, key_bytes, 32};
+
+ uint8_t iv_bytes[16];
+ for (size_t i = 0; i < 16; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+ &keyItem, NULL);
+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+ ASSERT_TRUE(key);
+ ASSERT_TRUE(ctx);
+
+ uint8_t outbuf[128];
+ // This is supposed to fail for Chacha20. This is because the underlying
+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
+ // which multi-part is disabled for ChaCha20 in counter mode.
+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+ PK11_FreeSymKey(key);
+ PK11_FreeSlot(slot);
+ SECITEM_FreeItem(param, PR_TRUE);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ NSS_ShutdownContext(globalctx);
+}
+
} // namespace nss_test
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
case CKM_CHACHA20: /* PKCS #11 v3 version */
{
unsigned char *counter;
unsigned char *nonce;
unsigned long counter_len;
unsigned long nonce_len;
+ context->multi = PR_FALSE;
if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
if (key_type != CKK_NSS_CHACHA20) {
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
crv = CKR_MECHANISM_PARAM_INVALID;
break;

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,899 @@
diff -up ./lib/nss/nss.h.orig ./lib/nss/nss.h
--- ./lib/nss/nss.h.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./lib/nss/nss.h 2020-10-29 13:17:16.386664203 -0700
@@ -299,6 +299,8 @@ SECStatus NSS_UnregisterShutdown(NSS_Shu
* old NSS versions. This option might be removed in the future NSS
* releases; don't rely on it. */
#define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c
+#define NSS_DEFAULT_LOCKS 0x00d /* lock default values */
+#define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */
/*
* Set and get global options for the NSS library.
diff -up ./lib/nss/nssoptions.c.orig ./lib/nss/nssoptions.c
--- ./lib/nss/nssoptions.c.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./lib/nss/nssoptions.c 2020-10-29 13:17:16.386664203 -0700
@@ -14,6 +14,7 @@
#include "secoid.h"
#include "nss.h"
#include "nssoptions.h"
+#include "secerr.h"
struct nssOps {
PRInt32 rsaMinKeySize;
@@ -24,6 +25,7 @@ struct nssOps {
PRInt32 dtlsVersionMinPolicy;
PRInt32 dtlsVersionMaxPolicy;
PRInt32 pkcs12DecodeForceUnicode;
+ PRInt32 defaultLocks;
};
static struct nssOps nss_ops = {
@@ -34,7 +36,8 @@ static struct nssOps nss_ops = {
0xffff, /* set TLS max to more than the largest legal SSL value */
1,
0xffff,
- PR_FALSE
+ PR_FALSE,
+ 0
};
SECStatus
@@ -42,6 +45,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 val
{
SECStatus rv = SECSuccess;
+ if (NSS_IsPolicyLocked()) {
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
+ return SECFailure;
+ }
+
switch (which) {
case NSS_RSA_MIN_KEY_SIZE:
nss_ops.rsaMinKeySize = value;
@@ -67,7 +75,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 val
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
nss_ops.pkcs12DecodeForceUnicode = value;
break;
+ case NSS_DEFAULT_LOCKS:
+ nss_ops.defaultLocks = value;
+ break;
default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
@@ -104,6 +116,9 @@ NSS_OptionGet(PRInt32 which, PRInt32 *va
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
*value = nss_ops.pkcs12DecodeForceUnicode;
break;
+ case NSS_DEFAULT_LOCKS:
+ *value = nss_ops.defaultLocks;
+ break;
default:
rv = SECFailure;
}
diff -up ./lib/pk11wrap/pk11pars.c.orig ./lib/pk11wrap/pk11pars.c
--- ./lib/pk11wrap/pk11pars.c.orig 2020-10-29 13:14:14.119727304 -0700
+++ ./lib/pk11wrap/pk11pars.c 2020-10-29 13:17:16.387664208 -0700
@@ -158,16 +158,17 @@ SECMOD_CreateModule(const char *library,
* Disallow values are parsed first, then allow values, independent of the
* order they appear.
*
- * Future key words (not yet implemented):
+ * flags: turn on the following flags:
+ * policy-lock: turn off the ability for applications to change policy with
+ * the call NSS_SetAlgorithmPolicy or the other system policy
+ * calls (SSL_SetPolicy, etc.)
+ * ssl-lock: turn off the ability to change the ssl defaults.
+ *
+ * The following only apply to ssl cipher suites (future smime)
+ *
* enable: turn on ciphersuites by default.
* disable: turn off ciphersuites by default without disallowing them by policy.
- * flags: turn on the following flags:
- * ssl-lock: turn off the ability for applications to change policy with
- * the SSL_SetCipherPolicy (or SSL_SetPolicy).
- * policy-lock: turn off the ability for applications to change policy with
- * the call NSS_SetAlgorithmPolicy.
- * ssl-default-lock: turn off the ability for applications to change cipher
- * suite states with SSL_EnableCipher, SSL_DisableCipher.
+ *
*
*/
@@ -389,7 +390,13 @@ static const oidValDef kxOptList[] = {
static const oidValDef signOptList[] = {
/* Signatures */
{ CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE,
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
+ { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION,
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
+ { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
+ { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY,
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
};
typedef struct {
@@ -405,7 +412,7 @@ static const algListsDef algOptLists[] =
{ macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE },
{ cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE },
{ kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE },
- { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE },
+ { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE },
};
static const optionFreeDef sslOptList[] = {
@@ -443,10 +450,19 @@ static const policyFlagDef policyFlagLis
/* add other key exhanges in the future */
{ CIPHER_NAME("KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX },
{ CIPHER_NAME("CERT-SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
- /* add other signatures in the future */
- { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
- /* enable everything */
- { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+ { CIPHER_NAME("CMS-SIGNATURE"), NSS_USE_ALG_IN_CMS_SIGNATURE },
+ { CIPHER_NAME("ALL-SIGNATURE"), NSS_USE_ALG_IN_SIGNATURE },
+ /* sign turns off all signatures, but doesn't change the
+ * allowance for specific sigantures... for example:
+ * disallow=sha256/all allow=sha256/signature doesn't allow
+ * cert-sigantures, where disallow=sha256/all allow=sha256/all-signature
+ * does.
+ * however, disallow=sha356/signature and disallow=sha256/all-siganture are
+ * equivalent in effect */
+ { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_ANY_SIGNATURE },
+ /* enable/disable everything */
+ { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX |
+ NSS_USE_ALG_IN_SIGNATURE },
{ CIPHER_NAME("NONE"), 0 }
};
@@ -538,8 +554,82 @@ secmod_getPolicyOptValue(const char *pol
return SECFailure;
}
+/* Policy operations:
+ * Disallow: operation is disallowed by policy. Implies disabled.
+ * Allow: operation is allowed by policy (but could be disabled).
+ * Disable: operation is turned off by default (but could be allowed).
+ * Enable: operation is enabled by default. Implies allowed.
+ */
+typedef enum {
+ NSS_DISALLOW,
+ NSS_ALLOW,
+ NSS_DISABLE,
+ NSS_ENABLE
+} NSSPolicyOperation;
+
+/* apply the operator specific policy */
+SECStatus
+secmod_setPolicyOperation(SECOidTag oid, NSSPolicyOperation operation,
+ PRUint32 value)
+{
+ SECStatus rv = SECSuccess;
+ switch (operation) {
+ case NSS_DISALLOW:
+ /* clear the requested policy bits */
+ rv = NSS_SetAlgorithmPolicy(oid, 0, value);
+ break;
+ case NSS_ALLOW:
+ /* set the requested policy bits */
+ rv = NSS_SetAlgorithmPolicy(oid, value, 0);
+ break;
+ /* enable/disable only apply to SSL cipher suites (future S/MIME).
+ * Enable/disable is implemented by clearing the DEFAULT_NOT_VALID
+ * flag, then setting the NSS_USE_DEFAULT_SSL_ENABLE flag to the
+ * correct value. The ssl policy code will then sort out what to
+ * set based on ciphers and cipher suite values.*/
+ case NSS_DISABLE:
+ if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) {
+ /* clear not valid and enable */
+ rv = NSS_SetAlgorithmPolicy(oid, 0,
+ NSS_USE_DEFAULT_NOT_VALID |
+ NSS_USE_DEFAULT_SSL_ENABLE);
+ }
+ break;
+ case NSS_ENABLE:
+ if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) {
+ /* set enable, clear not valid. NOTE: enable implies allow! */
+ rv = NSS_SetAlgorithmPolicy(oid, value | NSS_USE_DEFAULT_SSL_ENABLE,
+ NSS_USE_DEFAULT_NOT_VALID);
+ }
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ rv = SECFailure;
+ break;
+ }
+ return rv;
+}
+
+const char *
+secmod_getOperationString(NSSPolicyOperation operation)
+{
+ switch (operation) {
+ case NSS_DISALLOW:
+ return "disallow";
+ case NSS_ALLOW:
+ return "allow";
+ case NSS_DISABLE:
+ return "disable";
+ case NSS_ENABLE:
+ return "enable";
+ default:
+ break;
+ }
+ return "invalid";
+}
+
static SECStatus
-secmod_applyCryptoPolicy(const char *policyString, PRBool allow,
+secmod_applyCryptoPolicy(const char *policyString, NSSPolicyOperation operation,
PRBool printPolicyFeedback)
{
const char *cipher, *currentString;
@@ -573,18 +663,10 @@ secmod_applyCryptoPolicy(const char *pol
for (i = 0; i < PR_ARRAY_SIZE(algOptLists); i++) {
const algListsDef *algOptList = &algOptLists[i];
for (j = 0; j < algOptList->entries; j++) {
- PRUint32 enable, disable;
if (!newValue) {
value = algOptList->list[j].val;
}
- if (allow) {
- enable = value;
- disable = 0;
- } else {
- enable = 0;
- disable = value;
- }
- NSS_SetAlgorithmPolicy(algOptList->list[j].oid, enable, disable);
+ secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);
}
}
continue;
@@ -603,20 +685,12 @@ secmod_applyCryptoPolicy(const char *pol
if ((newOption || algOpt->name_size == length) &&
PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) {
PRUint32 value = algOpt->val;
- PRUint32 enable, disable;
if (newOption) {
value = secmod_parsePolicyValue(&cipher[name_size] + 1,
length - name_size - 1,
printPolicyFeedback);
}
- if (allow) {
- enable = value;
- disable = 0;
- } else {
- enable = 0;
- disable = value;
- }
- rv = NSS_SetAlgorithmPolicy(algOpt->oid, enable, disable);
+ rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);
if (rv != SECSuccess) {
/* could not enable option */
/* NSS_SetAlgorithPolicy should have set the error code */
@@ -666,7 +740,7 @@ secmod_applyCryptoPolicy(const char *pol
if (unknown && printPolicyFeedback) {
PR_SetEnv("NSS_POLICY_FAIL=1");
fprintf(stderr, "NSS-POLICY-FAIL %s: unknown identifier: %.*s\n",
- allow ? "allow" : "disallow", length, cipher);
+ secmod_getOperationString(operation), length, cipher);
}
}
return rv;
@@ -709,7 +783,8 @@ secmod_sanityCheckCryptoPolicy(void)
anyEnabled = PR_TRUE;
fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for SSL\n", algOpt->name);
}
- if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && (value & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+ if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) &&
+ ((value & NSS_USE_CERT_SIGNATURE_OK) == NSS_USE_CERT_SIGNATURE_OK)) {
++num_sig_enabled;
anyEnabled = PR_TRUE;
fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for CERT-SIGNATURE\n", algOpt->name);
@@ -740,7 +815,7 @@ secmod_sanityCheckCryptoPolicy(void)
static SECStatus
secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback)
{
- char *disallow, *allow;
+ char *args;
SECStatus rv;
if (policyConfig == NULL) {
@@ -752,20 +827,46 @@ secmod_parseCryptoPolicy(const char *pol
if (rv != SECSuccess) {
return rv;
}
- disallow = NSSUTIL_ArgGetParamValue("disallow", policyConfig);
- rv = secmod_applyCryptoPolicy(disallow, PR_FALSE, printPolicyFeedback);
- if (disallow)
- PORT_Free(disallow);
+ args = NSSUTIL_ArgGetParamValue("disallow", policyConfig);
+ rv = secmod_applyCryptoPolicy(args, NSS_DISALLOW, printPolicyFeedback);
+ if (args)
+ PORT_Free(args);
if (rv != SECSuccess) {
return rv;
}
- allow = NSSUTIL_ArgGetParamValue("allow", policyConfig);
- rv = secmod_applyCryptoPolicy(allow, PR_TRUE, printPolicyFeedback);
- if (allow)
- PORT_Free(allow);
+ args = NSSUTIL_ArgGetParamValue("allow", policyConfig);
+ rv = secmod_applyCryptoPolicy(args, NSS_ALLOW, printPolicyFeedback);
+ if (args)
+ PORT_Free(args);
if (rv != SECSuccess) {
return rv;
}
+ args = NSSUTIL_ArgGetParamValue("disable", policyConfig);
+ rv = secmod_applyCryptoPolicy(args, NSS_DISABLE, printPolicyFeedback);
+ if (args)
+ PORT_Free(args);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ args = NSSUTIL_ArgGetParamValue("enable", policyConfig);
+ rv = secmod_applyCryptoPolicy(args, NSS_ENABLE, printPolicyFeedback);
+ if (args)
+ PORT_Free(args);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ /* this has to be last. Everything after this will be a noop */
+ if (NSSUTIL_ArgHasFlag("flags", "ssl-lock", policyConfig)) {
+ PRInt32 locks;
+ /* don't overwrite other (future) lock flags */
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
+ if (rv == SECSuccess) {
+ NSS_OptionSet(NSS_DEFAULT_LOCKS, locks | NSS_DEFAULT_SSL_LOCK);
+ }
+ }
+ if (NSSUTIL_ArgHasFlag("flags", "policy-lock", policyConfig)) {
+ NSS_LockPolicy();
+ }
if (printPolicyFeedback) {
/* This helps to distinguish configurations that don't contain any
* policy config= statement. */
diff -up ./lib/ssl/ssl3con.c.orig ./lib/ssl/ssl3con.c
--- ./lib/ssl/ssl3con.c.orig 2020-10-29 13:14:14.122727319 -0700
+++ ./lib/ssl/ssl3con.c 2020-10-29 13:23:11.101487525 -0700
@@ -13534,6 +13534,61 @@ ssl3_DestroySSL3Info(sslSocket *ss)
tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
}
+/*
+ * parse the policy value for a single algorithm in a cipher_suite,
+ * return TRUE if we disallow by the cipher suite by policy
+ * (we don't have to parse any more algorithm policies on this cipher suite),
+ * otherwise return FALSE.
+ * 1. If we don't have the required policy, disable by default, disallow by
+ * policy and return TRUE (no more processing needed).
+ * 2. If we have the required policy, and we are disabled, return FALSE,
+ * (if we are disabled, we only need to parse policy, not default).
+ * 3. If we have the required policy, and we aren't adjusting the defaults
+ * return FALSE. (only parsing the policy, not default).
+ * 4. We have the required policy and we are adjusting the defaults.
+ * If we are setting default = FALSE, set isDisabled to true so that
+ * we don't try to re-enable the cipher suite based on a different
+ * algorithm.
+ */
+PRBool
+ssl_HandlePolicy(int cipher_suite, SECOidTag policyOid,
+ PRUint32 requiredPolicy, PRBool *isDisabled)
+{
+ PRUint32 policy;
+ SECStatus rv;
+
+ /* first fetch the policy for this algorithm */
+ rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
+ if (rv != SECSuccess) {
+ return PR_FALSE; /* no policy value, continue to the next algorithm */
+ }
+ /* first, are we allowed by policy, if not turn off allow and disable */
+ if (!(policy & requiredPolicy)) {
+ ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE);
+ ssl_CipherPolicySet(cipher_suite, SSL_NOT_ALLOWED);
+ return PR_TRUE;
+ }
+ /* If we are already disabled, or the policy isn't setting a default
+ * we are done processing this algorithm */
+ if (*isDisabled || (policy & NSS_USE_DEFAULT_NOT_VALID)) {
+ return PR_FALSE;
+ }
+ /* set the default value for the cipher suite. If we disable the cipher
+ * suite, remember that so we don't process the next default. This has
+ * the effect of disabling the whole cipher suite if any of the
+ * algorithms it uses are disabled by default. We still have to
+ * process the upper level because the cipher suite is still allowed
+ * by policy, and we may still have to disallow it based on other
+ * algorithms in the cipher suite. */
+ if (policy & NSS_USE_DEFAULT_SSL_ENABLE) {
+ ssl_CipherPrefSetDefault(cipher_suite, PR_TRUE);
+ } else {
+ *isDisabled = PR_TRUE;
+ ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE);
+ }
+ return PR_FALSE;
+}
+
#define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
SECStatus
@@ -13552,30 +13607,30 @@ ssl3_ApplyNSSPolicy(void)
for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) {
const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i];
SECOidTag policyOid;
+ PRBool isDisabled = PR_FALSE;
+
+ /* if we haven't explicitly disabled it below enable by policy */
+ ssl_CipherPolicySet(suite->cipher_suite, SSL_ALLOWED);
+ /* now check the various key exchange, ciphers and macs and
+ * if we ever disallow by policy, we are done, go to the next cipher
+ */
policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid);
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
- ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
+ NSS_USE_ALG_IN_SSL_KX, &isDisabled)) {
continue;
}
policyOid = MAP_NULL(ssl_GetBulkCipherDef(suite)->oid);
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
- ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
+ NSS_USE_ALG_IN_SSL, &isDisabled)) {
continue;
}
if (ssl_GetBulkCipherDef(suite)->type != type_aead) {
policyOid = MAP_NULL(ssl_GetMacDefByAlg(suite->mac_alg)->oid);
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
- ssl_CipherPolicySet(suite->cipher_suite,
- SSL_NOT_ALLOWED);
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
+ NSS_USE_ALG_IN_SSL, &isDisabled)) {
continue;
}
}
diff -up ./lib/ssl/sslsock.c.orig ./lib/ssl/sslsock.c
--- ./lib/ssl/sslsock.c.orig 2020-10-29 13:14:14.201727725 -0700
+++ ./lib/ssl/sslsock.c 2020-10-29 13:17:16.389664218 -0700
@@ -1447,6 +1447,10 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
if (rv != SECSuccess) {
return rv;
}
+ if (NSS_IsPolicyLocked()) {
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
+ return SECFailure;
+ }
return ssl_CipherPolicySet(which, policy);
}
@@ -1493,10 +1497,15 @@ SECStatus
SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
{
SECStatus rv = ssl_Init();
+ PRInt32 locks;
if (rv != SECSuccess) {
return rv;
}
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
+ if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) {
+ return SECSuccess;
+ }
return ssl_CipherPrefSetDefault(which, enabled);
}
@@ -1522,11 +1531,17 @@ SECStatus
SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
{
sslSocket *ss = ssl_FindSocket(fd);
+ PRInt32 locks;
+ SECStatus rv;
if (!ss) {
SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
return SECFailure;
}
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
+ if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) {
+ return SECSuccess;
+ }
if (ssl_IsRemovedCipherSuite(which))
return SECSuccess;
return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
diff -up ./lib/util/nssutil.def.orig ./lib/util/nssutil.def
--- ./lib/util/nssutil.def.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./lib/util/nssutil.def 2020-10-29 13:17:16.390664223 -0700
@@ -334,3 +334,10 @@ NSSUTIL_AddNSSFlagToModuleSpec;
;+ local:
;+ *;
;+};
+;+NSSUTIL_3.59 { # NSS Utilities 3.59 release
+;+ global:
+NSS_IsPolicyLocked;
+NSS_LockPolicy;
+;+ local:
+;+ *;
+;+};
diff -up ./lib/util/secerr.h.orig ./lib/util/secerr.h
--- ./lib/util/secerr.h.orig 2020-10-29 13:17:16.390664223 -0700
+++ ./lib/util/secerr.h 2020-10-29 13:28:22.701093270 -0700
@@ -210,6 +210,11 @@ typedef enum {
SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178),
+ SEC_ERROR_INVALID_STATE = (SEC_ERROR_BASE + 179),
+
+ SEC_ERROR_POLICY_LOCKED = (SEC_ERROR_BASE + 180),
+ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 181),
+
/* Add new error codes above here. */
SEC_ERROR_END_OF_LIST
} SECErrorCodes;
diff -up ./lib/util/SECerrs.h.orig ./lib/util/SECerrs.h
--- ./lib/util/SECerrs.h.orig 2020-10-29 13:17:16.389664218 -0700
+++ ./lib/util/SECerrs.h 2020-10-29 13:26:46.960599243 -0700
@@ -549,3 +549,12 @@ ER3(SEC_ERROR_LEGACY_DATABASE, (SEC_ERRO
ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178),
"The certificate was rejected by extra checks in the application.")
+
+ER3(SEC_ERROR_INVALID_STATE, (SEC_ERROR_BASE + 179),
+ "The attempted operation is invalid for the current state.")
+
+ER3(SEC_ERROR_POLICY_LOCKED, (SEC_ERROR_BASE + 180),
+ "Could not change the policy because the policy is now locked.")
+
+ER3(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 181),
+ "Could not create or verify a signature using a signature algorithm that is disabled because it is not secure.")
diff -up ./lib/util/secoid.c.orig ./lib/util/secoid.c
--- ./lib/util/secoid.c.orig 2020-10-29 13:14:14.119727304 -0700
+++ ./lib/util/secoid.c 2020-10-29 13:17:16.390664223 -0700
@@ -2257,6 +2257,8 @@ NSS_GetAlgorithmPolicy(SECOidTag tag, PR
return SECSuccess;
}
+static PRBool nss_policy_locked = PR_FALSE;
+
/* The Set function modifies the stored value according to the following
* algorithm:
* policy[tag] = (policy[tag] & ~clearBits) | setBits;
@@ -2268,6 +2270,11 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PR
PRUint32 policyFlags;
if (!pxo)
return SECFailure;
+
+ if (nss_policy_locked) {
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
+ return SECFailure;
+ }
/* The stored policy flags are the ones complement of the flags as
* seen by the user. This is not atomic, but these changes should
* be done rarely, e.g. at initialization time.
@@ -2278,6 +2285,20 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PR
return SECSuccess;
}
+/* Get the state of nss_policy_locked */
+PRBool
+NSS_IsPolicyLocked(void)
+{
+ return nss_policy_locked;
+}
+
+/* Once the policy is locked, it can't be unlocked */
+void
+NSS_LockPolicy(void)
+{
+ nss_policy_locked = PR_TRUE;
+}
+
/* --------- END OF opaque extended OID table accessor functions ---------*/
/* for now, this is only used in a single place, so it can remain static */
@@ -2339,6 +2360,9 @@ SECOID_Shutdown(void)
dynOidEntriesAllocated = 0;
dynOidEntriesUsed = 0;
}
+ /* we are trashing the old policy state now, also reenable changing
+ * the policy as well */
+ nss_policy_locked = PR_FALSE;
memset(xOids, 0, sizeof xOids);
return SECSuccess;
}
diff -up ./lib/util/secoid.h.orig ./lib/util/secoid.h
--- ./lib/util/secoid.h.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./lib/util/secoid.h 2020-10-29 13:17:16.390664223 -0700
@@ -135,6 +135,15 @@ extern SECStatus NSS_GetAlgorithmPolicy(
extern SECStatus
NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits);
+/* Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions)
+ * No longer function */
+void
+NSS_LockPolicy(void);
+
+/* return true if policy changes are now locked out */
+PRBool
+NSS_IsPolicyLocked(void);
+
SEC_END_PROTOS
#endif /* _SECOID_H_ */
diff -up ./lib/util/secoidt.h.orig ./lib/util/secoidt.h
--- ./lib/util/secoidt.h.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./lib/util/secoidt.h 2020-10-29 13:17:16.390664223 -0700
@@ -538,7 +538,24 @@ struct SECOidDataStr {
#define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */
#define NSS_USE_ALG_IN_SSL 0x00000008 /* used in SSL record protocol */
#define NSS_USE_POLICY_IN_SSL 0x00000010 /* enable policy in SSL protocol */
-#define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */
+#define NSS_USE_ALG_IN_ANY_SIGNATURE 0x00000020 /* used in S/MIME */
+#define NSS_USE_DEFAULT_NOT_VALID 0x80000000 /* clear to make the default flag valid */
+#define NSS_USE_DEFAULT_SSL_ENABLE 0x40000000 /* default cipher suite setting 1=enable */
+
+/* Combo policy bites */
+#define NSS_USE_ALG_RESERVED 0x3fffffc0 /* may be used in future */
+/* Alias of all the signature values. */
+#define NSS_USE_ALG_IN_SIGNATURE (NSS_USE_ALG_IN_CERT_SIGNATURE | \
+ NSS_USE_ALG_IN_CMS_SIGNATURE | \
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
+/* all the bits needed for a certificate signature
+ * and only the bits needed for a certificate signature */
+#define NSS_USE_CERT_SIGNATURE_OK (NSS_USE_ALG_IN_CERT_SIGNATURE | \
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
+/* all the bits needed for an SMIME signature
+ * and only the bits needed for an SMIME signature */
+#define NSS_USE_CMS_SIGNATURE_OK (NSS_USE_ALG_IN_CMS_SIGNATURE | \
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
/* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them
* being all zeros or having any other known value. The reserved bits
diff -up ./tests/policy/crypto-policy.txt.orig ./tests/policy/crypto-policy.txt
--- ./tests/policy/crypto-policy.txt.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./tests/policy/crypto-policy.txt 2020-10-29 13:17:16.390664223 -0700
@@ -3,14 +3,15 @@
# col 3: an extended regular expression, expected to match the output
# col 4: description of the test
#
-0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy
-0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy
-0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy
+0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy
+0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy
+0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy
2 disallow=ALL_allow=dtls-version-min=:dtls-version-max= NSS-POLICY-FAIL Missing value
2 disallow=ALL_allow=RSA-MIN=whatever NSS-POLICY-FAIL Invalid value
2 disallow=ALL_allow=flower NSS-POLICY-FAIL Invalid identifier
1 disallow=all NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all
-1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes
+1 disallow=all/signature NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all signatures
+1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes
1 disallow=ALL_allow=tls-version-min=0:tls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS All TLS versions disabled
1 disallow=ALL_allow=dtls-version-min=0:dtls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-DTLS-VERSIONS All DTLS versions disabled
1 disallow=ALL_allow=tls-version-min=tls1.2:tls-version-max=tls1.1 NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS Invalid range of TLS versions
diff -up ./tests/policy/policy.sh.orig ./tests/policy/policy.sh
--- ./tests/policy/policy.sh.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./tests/policy/policy.sh 2020-10-29 13:17:16.391664228 -0700
@@ -12,6 +12,28 @@
#
########################################################################
+policy_init()
+{
+ SCRIPTNAME=policy.sh # sourced - $0 would point to all.sh
+
+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
+ fi
+
+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+ cd ../common
+ . ./init.sh
+ fi
+ SCRIPTNAME=policy.sh
+
+}
+
+policy_cleanup()
+{
+ cd ${QADIR}
+ . common/cleanup.sh
+}
+
ignore_blank_lines()
{
LC_ALL=C egrep -v '^[[:space:]]*(#|$)' "$1"
@@ -53,6 +75,9 @@ NSS=flags=policyOnly,moduleDB
html_msg $ret 0 "\"${testname}\" output is expected to match \"${match}\""
done
+ html "</TABLE><BR>"
}
+policy_init
policy_run_tests
+policy_cleanup
diff -up ./tests/ssl/sslpolicy.txt.orig ./tests/ssl/sslpolicy.txt
--- ./tests/ssl/sslpolicy.txt.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./tests/ssl/sslpolicy.txt 2020-10-29 13:17:16.391664228 -0700
@@ -7,8 +7,14 @@
# The policy string is set to the config= line in the pkcs11.txt
# it currently has 2 keywords:
#
-# disallow= turn off the use of this algorithm by policy.
+# disallow= turn off the use of this algorithm by policy. (implies disable)
# allow= allow this algorithm to by used if selected by policy.
+# disable= turn off the use of this algorithm even if allowed by policy
+# (application can override)
+# enable= turn off this algorithm by default (implies allow)
+# flags= policy-lock: can't change policy with NSS_SetAlgorithmPolicy,
+# NSS_SetOption, or SSL_SetCipherPolicy
+# ssl-lock: can't change the cipher suite settings with the application.
#
# The syntax is disallow=algorithm{/uses}:algorithm{/uses}
# where {} signifies an optional element
@@ -76,6 +82,9 @@
# SECT571R1
# Signatures:
# DSA
+# RSA-PKCS
+# RSA-PSS
+# ECDSA
# Hashes:
# MD2
# MD4
@@ -137,7 +146,8 @@
# ssl-key-exchange
# key-exchange (includes ssl-key-exchange)
# cert-signature
-# signature (includes cert-signature)
+# all-signature (includes cert-signature)
+# signature (all signatures off, some signature allowed based on other option)
# all (includes all of the above)
#-----------------------------------------------
# In addition there are the following options:
@@ -147,31 +157,48 @@
# they have the following syntax:
# allow=min-rsa=512:min-dh=1024
#
+# in the following tests, we use the cipher suite 'd':
+# d SSL3 RSA WITH 3DES EDE CBC SHA (=:000a).
+# NOTE: the certificates used in validation are rsa-pkcs1/sha256 signed.
+#
# Exp Enable Enable Cipher Config Policy Test Name
# Ret EC TLS
# turn on single cipher
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
- 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
- 1 noECC SSL3 d disallow=all Disallow All Explicitly.
+ 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
+ 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/all-signature:rsa-pkcs/all-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
+ 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:dsa/all:rsa-pss/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
+ 1 noECC SSL3 d disallow=all Disallow All Explicitly
# turn off signature only
- 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
+ 0 noECC SSL3 d disallow=all/signature Disallow all signatures with Explicitly
+ 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Explicitly
+ 1 noECC SSL3 d disallow=sha256/cert-signature Disallow SHA256 Certificate signature Explicitly
+ 0 noECC SSL3 d disallow=sha256/signature Disallow All SHA256 signatures Explicitly
+ 1 noECC SSL3 d disallow=sha256/all-signature Disallow Any SHA256 signature Explicitly
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:dsa/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly
# turn off single cipher
1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly
# turn off H-Mac
1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
- 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
+ 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly
# turn off key exchange
- 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
+ 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchange Signatures Implicitly
# turn off version
1 noECC SSL3 d allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly.
- 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly.
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly
+ 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly
+ 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
+# test default settings
+# NOTE: tstclient will attempt to overide the defaults, so we detect we
+# were successful by locking in our settings
+ 0 noECC SSL3 d allow=all_disable=all Disable all by default, application override
+ 1 noECC SSL3 d allow=all_disable=all_flags=ssl-lock,policy-lock Disable all by default, prevent application from enabling
+ 0 noECC SSL3 d allow=all_disable=all_flags=policy-lock Disable all by default, lock policy (application can still change the ciphers)
+# explicitly enable :002f RSA_AES_128_CBC_SHA1 and lock it in
+ 0 noECC SSL3 d allow=all_disable=all_enable=hmac-sha1:sha256:rsa-pkcs:rsa:aes128-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0_flags=ssl-lock Lock in a different ciphersuite that the one the application asks for
diff -up ./tests/ssl/ssl.sh.orig ./tests/ssl/ssl.sh
--- ./tests/ssl/ssl.sh.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./tests/ssl/ssl.sh 2020-10-29 13:17:16.391664228 -0700
@@ -886,6 +886,7 @@ ssl_policy_listsuites()
cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
# Disallow all explicitly
+ testname="listsuites with all cipher disallowed by policy"
setup_policy "disallow=all" ${P_R_CLIENTDIR}
RET_EXP=1
list_enabled_suites | grep '^TLS_'
@@ -894,6 +895,7 @@ ssl_policy_listsuites()
"produced a returncode of $RET, expected is $RET_EXP"
# Disallow RSA in key exchange explicitly
+ testname="listsuites with rsa cipher disallowed by policy"
setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
RET_EXP=1
list_enabled_suites | grep '^TLS_RSA_'
@@ -901,6 +903,34 @@ ssl_policy_listsuites()
html_msg $RET $RET_EXP "${testname}" \
"produced a returncode of $RET, expected is $RET_EXP"
+ # allow by policy, but disable by default
+ testname="listsuites with all ciphers enabled by policy but disabled by default"
+ setup_policy "allow=all disable=all" ${P_R_CLIENTDIR}
+ RET_EXP=1
+ list_enabled_suites | grep '^TLS_'
+ RET=$?
+ html_msg $RET $RET_EXP "${testname}" \
+ "produced a returncode of $RET, expected is $RET_EXP"
+
+ # allow by policy, but disable by default just rsa-kea
+ testname="listsuites with all ciphers enabled by policy but rsa disabled by default"
+ setup_policy "allow=all disable=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
+ RET_EXP=1
+ list_enabled_suites | grep '^TLS_RSA_'
+ RET=$?
+ html_msg $RET $RET_EXP "${testname}" \
+ "produced a returncode of $RET, expected is $RET_EXP"
+
+ # list_enabled_suites tries to set a policy value explicitly, This will
+ # cause list_enabled_suites to fail if we lock the policy
+ testname="listsuites with policy locked"
+ setup_policy "allow=all flags=policy-lock" ${P_R_CLIENTDIR}
+ RET_EXP=1
+ SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites
+ RET=$?
+ html_msg $RET $RET_EXP "${testname}" \
+ "produced a returncode of $RET, expected is $RET_EXP"
+
cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt
html "</TABLE><BR>"
@@ -925,6 +955,7 @@ ssl_policy_selfserv()
cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav
# Disallow RSA in key exchange explicitly
+ testname="Disallow RSA key exchange explicitly"
setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR}
SAVE_SERVER_OPTIONS=${SERVER_OPTIONS}

View File

@ -0,0 +1,417 @@
diff -up ./gtests/common/testvectors_base/test-structs.h.orig ./gtests/common/testvectors_base/test-structs.h
--- ./gtests/common/testvectors_base/test-structs.h.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./gtests/common/testvectors_base/test-structs.h 2020-12-05 10:54:36.648849921 -0800
@@ -66,6 +66,31 @@ typedef struct EcdhTestVectorStr {
bool valid;
} EcdhTestVector;
+enum class IkeTestType {
+ ikeGxy, /* CKM_NSS_IKE_PRF_DERIVE case 1 */
+ ikeV1Psk, /* CKM_NSS_IKE_PRF_DERIVE case 2 */
+ ikeV2Rekey, /* CKM_NSS_IKE_PRF_DERIVE case 3 */
+ ikeV1, /* CKM_NSS_IKE1_PRF_DERIVE */
+ ikeV1AppB, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE base mode */
+ ikeV1AppBQuick, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE quick mode */
+ ikePlus /* CKM_NSS_IKE_PRF_DERIVE */
+};
+
+typedef struct IkeTestVectorStr {
+ uint32_t id;
+ IkeTestType test_type;
+ std::string ikm;
+ std::string gxykm;
+ std::string prevkm;
+ std::string okm;
+ std::string Ni;
+ std::string Nr;
+ std::string seed_data;
+ uint8_t key_number;
+ uint32_t size;
+ bool valid;
+} IkeTestVector;
+
typedef struct RsaSignatureTestVectorStr {
SECOidTag hash_oid;
uint32_t id;
diff -up ./gtests/common/testvectors/ike-sha1-vectors.h.orig ./gtests/common/testvectors/ike-sha1-vectors.h
--- ./gtests/common/testvectors/ike-sha1-vectors.h.orig 2020-12-05 10:54:36.649849926 -0800
+++ ./gtests/common/testvectors/ike-sha1-vectors.h 2020-12-05 11:01:09.170017713 -0800
@@ -0,0 +1,114 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling python3 genTestVectors.py */
+
+#ifndef ike_sha1_vectors_h__
+#define ike_sha1_vectors_h__
+
+#include "testvectors_base/test-structs.h"
+
+const IkeTestVector kIkeSha1ProofVectors[] = {
+ // these vectors are from this NIST samples
+ {1, IkeTestType::ikeGxy,
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "", "", "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "69a62284195f1680", "80c94ba25c8abda5",
+ "", 0, 0, true },
+ {2, IkeTestType::ikeV1,
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "", "384be709a8a5e63c3ed160cfe3921c4b37d5b32d",
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
+ "", 0, 0, true },
+ {3, IkeTestType::ikeV1,
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "384be709a8a5e63c3ed160cfe3921c4b37d5b32d",
+ "48b327575abe3adba0f279849e289022a13e2b47",
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
+ "", 1, 0, true },
+ {4, IkeTestType::ikeV1,
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
+ "48b327575abe3adba0f279849e289022a13e2b47",
+ "a4a415c8e0c38c0da847c356cc61c24df8025560",
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
+ "", 2, 0, true },
+ {5, IkeTestType::ikeV1Psk, "c0", "", "",
+ "ab3be41bc62f2ef0c41a3076d58768be77fadd2e",
+ "03a6f25a83c8c2a3", "9d958a6618f77e7f",
+ "", 0, 0, true },
+ {6, IkeTestType::ikeGxy,
+ "4b2c1f971981a8ad8d0abeafabf38cf75fc8349c148142465ed9c8b516b8be52",
+ "", "", "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7",
+ "32b50d5f4a3763f3", "9206a04b26564cb1",
+ "", 0, 0, true },
+ {7, IkeTestType::ikeV2Rekey,
+ "a14293677cc80ff8f9cc0eee30d895da9d8f4056",
+ "863f3c9d06efd39d2b907b97f8699e5dd5251ef64a2a176f36ee40c87d4f9330",
+ "", "63e81194946ebd05df7df5ebf5d8750056bf1f1d",
+ "32b50d5f4a3763f3", "9206a04b26564cb1",
+ "", 0, 0, true },
+ {8, IkeTestType::ikePlus,
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e514a062768b76606f9fa5e992204fc5a670bde3f10d6b027113936a5c55b648a194ae587b0088d52204b702c979fa280870d2ed41efa9c549fd11198af1670b143d384bd275c5f594cf266b05ebadca855e4249520a441a81157435a7a56cc4", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0, 132, true },
+ {9, IkeTestType::ikePlus,
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e514a062", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0, 40, true },
+ {10, IkeTestType::ikePlus,
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
+ "a14293677cc80ff8f9cc0eee30d895", "", "",
+ // seed_data is Ni || Nr || SPIi || SPIr
+ // NOTE: there is no comma so the strings are concatenated together.
+ "32b50d5f4a3763f3" // Ni
+ "9206a04b26564cb1" // Nr
+ "34c9e7c188868785" // SPIi
+ "3ff77d760d2b2199", // SPIr
+ 0, 15, true },
+ // these vectors are self-generated
+ {11, IkeTestType::ikeV1AppB,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f165063828cbb60d910b7db38fa3c7f62c4afaaf3203da065c841729853edb23e9e7ac8286ae65c8cb6c667d79268c0bd6705abb9131698eb822b1c1f9dd142fc7be2c1010ee0152e10195add98999c6b6d42c8fe9c1b134d56ad5f2c6f20e815bd25c52",
+ "", "", "", 0, 132, true },
+ {12, IkeTestType::ikeV1AppB,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f165063828cbb60d",
+ "", "", "", 0, 40, true },
+ {13, IkeTestType::ikeV1AppB,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "63e81194946ebd05df7df5ebf5d875",
+ "", "", "", 0, 15, true },
+ {14, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f61db924c5ef9efa3bb2698095841603b7ac8a880329a927ecd4ad53a944b607a5ac2f3d154e2748c188d7370d76be83fc204fdacf0f66b99dd760ba619ffac65eda1420c8a936dac5a599afaf4043b29ef2b65dc042724355b550875316c6fd",
+ "", "", "0", 0, 132, true },
+ {15, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f61db924",
+ "", "", "0", 0, 40, true },
+ {16, IkeTestType::ikeV1AppBQuick,
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
+ "933347a07de5782247dd36d1562ffe",
+ "", "", "0", 0, 15, true },
+ };
+
+#endif // ike_sha1_vectors_h__
diff -up ./gtests/pk11_gtest/manifest.mn.orig ./gtests/pk11_gtest/manifest.mn
--- ./gtests/pk11_gtest/manifest.mn.orig 2020-12-05 10:53:12.529385354 -0800
+++ ./gtests/pk11_gtest/manifest.mn 2020-12-05 10:54:36.649849926 -0800
@@ -22,6 +22,7 @@ CPPSRCS = \
pk11_export_unittest.cc \
pk11_find_certs_unittest.cc \
pk11_hkdf_unittest.cc \
+ pk11_ike_unittest.cc \
pk11_import_unittest.cc \
pk11_kdf_unittest.cc \
pk11_kbkdf.cc \
diff -up ./gtests/pk11_gtest/pk11_gtest.gyp.orig ./gtests/pk11_gtest/pk11_gtest.gyp
--- ./gtests/pk11_gtest/pk11_gtest.gyp.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./gtests/pk11_gtest/pk11_gtest.gyp 2020-12-05 10:54:36.649849926 -0800
@@ -27,6 +27,7 @@
'pk11_encrypt_derive_unittest.cc',
'pk11_find_certs_unittest.cc',
'pk11_hkdf_unittest.cc',
+ 'pk11_ike_unittest.cc',
'pk11_import_unittest.cc',
'pk11_kbkdf.cc',
'pk11_keygen.cc',
diff -up ./gtests/pk11_gtest/pk11_ike_unittest.cc.orig ./gtests/pk11_gtest/pk11_ike_unittest.cc
--- ./gtests/pk11_gtest/pk11_ike_unittest.cc.orig 2020-12-05 10:54:36.649849926 -0800
+++ ./gtests/pk11_gtest/pk11_ike_unittest.cc 2020-12-05 10:54:36.649849926 -0800
@@ -0,0 +1,197 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "blapi.h"
+#include "gtest/gtest.h"
+#include "nss.h"
+#include "nss_scoped_ptrs.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+#include "util.h"
+
+#include "testvectors/ike-sha1-vectors.h"
+#ifdef notdef
+#include "testvectors/ike-sha256-vectors.h"
+#include "testvectors/ike-aesxcbc-vectors.h"
+#endif
+
+namespace nss_test {
+
+class Pkcs11IkeTest
+ : public ::testing::TestWithParam<
+ std::tuple<IkeTestVector, CK_MECHANISM_TYPE>> {
+ protected:
+ void dump_item(const char *label, SECItem *item) {
+ printf("%s: %d bytes { \"",label, item->len);
+ unsigned int i;
+ for (i=0; i < item->len; i++) {
+ printf("%02x",item->data[i]);
+ }
+ printf("\"\n");
+ }
+
+ ScopedPK11SymKey ImportKey(SECItem &ikm_item) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot) {
+ ADD_FAILURE() << "Can't get slot";
+ return nullptr;
+ }
+ ScopedPK11SymKey ikm(PK11_ImportSymKey(slot.get(),
+ CKM_GENERIC_SECRET_KEY_GEN,
+ PK11_OriginUnwrap, CKA_DERIVE, &ikm_item,
+ nullptr));
+ return ikm;
+ }
+
+ void RunVectorTest(const IkeTestVector &vec, CK_MECHANISM_TYPE prf_mech) {
+ std::string msg = "Test #" + std::to_string(vec.id) + " failed";
+ std::vector<uint8_t> vec_ikm = hex_string_to_bytes(vec.ikm);
+ std::vector<uint8_t> vec_okm = hex_string_to_bytes(vec.okm);
+ std::vector<uint8_t> vec_gxykm = hex_string_to_bytes(vec.gxykm);
+ std::vector<uint8_t> vec_prevkm = hex_string_to_bytes(vec.prevkm);
+ std::vector<uint8_t> vec_Ni = hex_string_to_bytes(vec.Ni);
+ std::vector<uint8_t> vec_Nr = hex_string_to_bytes(vec.Nr);
+ std::vector<uint8_t> vec_seed_data = hex_string_to_bytes(vec.seed_data);
+ SECItem ikm_item = {siBuffer, vec_ikm.data(),
+ static_cast<unsigned int>(vec_ikm.size())};
+ SECItem okm_item = {siBuffer, vec_okm.data(),
+ static_cast<unsigned int>(vec_okm.size())};
+ SECItem prevkm_item = {siBuffer, vec_prevkm.data(),
+ static_cast<unsigned int>(vec_prevkm.size())};
+ SECItem gxykm_item = {siBuffer, vec_gxykm.data(),
+ static_cast<unsigned int>(vec_gxykm.size())};
+ CK_MECHANISM_TYPE derive_mech = CKM_NSS_IKE_PRF_DERIVE;
+ ScopedPK11SymKey gxy_key= nullptr;
+ ScopedPK11SymKey prev_key= nullptr;
+ ScopedPK11SymKey ikm = ImportKey(ikm_item);
+
+ // IKE_PRF structure (used in cases 1, 2 and 3)
+ CK_NSS_IKE_PRF_DERIVE_PARAMS nss_ike_prf_params = {
+ prf_mech, false, false,
+ vec_Ni.data(), static_cast<CK_ULONG>(vec_Ni.size()),
+ vec_Nr.data(), static_cast<CK_ULONG>(vec_Nr.size()),
+ CK_INVALID_HANDLE
+ };
+
+ // IKE_V1_PRF, used to derive session keys.
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS nss_ike_v1_prf_params = {
+ prf_mech, false, CK_INVALID_HANDLE, CK_INVALID_HANDLE,
+ vec_Ni.data(), static_cast<CK_ULONG>(vec_Ni.size()),
+ vec_Nr.data(), static_cast<CK_ULONG>(vec_Nr.size()),
+ vec.key_number
+ };
+
+ // IKE_V1_APP_B, do quick mode (all session keys in one call).
+ CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS nss_ike_app_b_prf_params_quick = {
+ prf_mech, false, CK_INVALID_HANDLE,
+ vec_seed_data.data(), static_cast<CK_ULONG>(vec_seed_data.size())
+ };
+
+ // IKE_V1_APP_B, used for long session keys in ike_v1
+ CK_MECHANISM_TYPE nss_ike_app_b_prf_params = prf_mech;
+
+ // IKE_PRF_PLUS, used to generate session keys in ike v2
+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS nss_ike_prf_plus_params = {
+ prf_mech, false, CK_INVALID_HANDLE,
+ vec_seed_data.data(), static_cast<CK_ULONG>(vec_seed_data.size())
+ };
+
+
+ SECItem params_item = {siBuffer, (unsigned char *)&nss_ike_prf_params,
+ sizeof(nss_ike_prf_params)};
+
+ switch (vec.test_type) {
+ case IkeTestType::ikeGxy:
+ nss_ike_prf_params.bDataAsKey = true;
+ break;
+ case IkeTestType::ikeV1Psk:
+ break;
+ case IkeTestType::ikeV2Rekey:
+ nss_ike_prf_params.bRekey = true;
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_prf_params.hNewKey = PK11_GetSymKeyHandle(gxy_key.get());
+ break;
+ case IkeTestType::ikeV1:
+ derive_mech = CKM_NSS_IKE1_PRF_DERIVE;
+ params_item.data = (unsigned char *) &nss_ike_v1_prf_params;
+ params_item.len = sizeof(nss_ike_v1_prf_params);
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_v1_prf_params.hKeygxy = PK11_GetSymKeyHandle(gxy_key.get());
+ if (prevkm_item.len != 0) {
+ prev_key = ImportKey(prevkm_item);
+ nss_ike_v1_prf_params.bHasPrevKey = true;
+ nss_ike_v1_prf_params.hPrevKey = PK11_GetSymKeyHandle(prev_key.get());
+ }
+ break;
+ case IkeTestType::ikeV1AppB:
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
+ params_item.data = (unsigned char *) &nss_ike_app_b_prf_params;
+ params_item.len = sizeof(nss_ike_app_b_prf_params);
+ break;
+ case IkeTestType::ikeV1AppBQuick:
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
+ params_item.data = (unsigned char *) &nss_ike_app_b_prf_params_quick;
+ params_item.len = sizeof(nss_ike_app_b_prf_params_quick);
+ if (gxykm_item.len != 0) {
+ gxy_key = ImportKey(gxykm_item);
+ nss_ike_app_b_prf_params_quick.bHasKeygxy = true;
+ nss_ike_app_b_prf_params_quick.hKeygxy =
+ PK11_GetSymKeyHandle(gxy_key.get());
+ }
+ break;
+ case IkeTestType::ikePlus:
+ derive_mech = CKM_NSS_IKE_PRF_PLUS_DERIVE;
+ params_item.data = (unsigned char *) &nss_ike_prf_plus_params;
+ params_item.len = sizeof(nss_ike_prf_plus_params);
+ break;
+ default:
+ ADD_FAILURE() << msg;
+ return;
+ }
+ ASSERT_NE(nullptr, ikm) << msg;
+
+ ScopedPK11SymKey okm = ScopedPK11SymKey(
+ PK11_Derive(ikm.get(), derive_mech, &params_item,
+ CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size));
+ if (vec.valid) {
+ ASSERT_NE(nullptr, okm.get()) << msg;
+ ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg;
+ SECItem *outItem = PK11_GetKeyData(okm.get());
+ if (SECITEM_CompareItem(&okm_item, outItem) != 0) {
+ dump_item("expected key:", &okm_item);
+ dump_item("calculated key:", outItem);
+ }
+ ASSERT_EQ(0, SECITEM_CompareItem(&okm_item, PK11_GetKeyData(okm.get())))
+ << msg;
+ } else {
+ ASSERT_EQ(nullptr, okm.get()) << msg;
+ }
+ }
+};
+
+TEST_P(Pkcs11IkeTest, IkeproofVectors) {
+ RunVectorTest(std::get<0>(GetParam()), std::get<1>(GetParam()));
+}
+
+INSTANTIATE_TEST_CASE_P(
+ IkeSha1, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha1ProofVectors),
+ ::testing::Values(CKM_SHA_1_HMAC)));
+#ifdef notdef
+INSTANTIATE_TEST_CASE_P(
+ IkeSha256, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeSha256ProofVectors),
+ ::testing::Values(CKM_SHA256_HMAC)));
+
+INSTANTIATE_TEST_CASE_P(
+ IkeAESXCBC, Pkcs11IkeTest,
+ ::testing::Combine(::testing::ValuesIn(kIkeAesXcbcProofVectors),
+ ::testing::Values(CKM_AES_XCBC_MAC)));
+#endif
+
+} // namespace nss_test
diff -up ./lib/softoken/sftkike.c.orig ./lib/softoken/sftkike.c
--- ./lib/softoken/sftkike.c.orig 2020-12-05 10:53:12.629385906 -0800
+++ ./lib/softoken/sftkike.c 2020-12-05 10:59:16.073393113 -0800
@@ -720,6 +720,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
unsigned int macSize;
unsigned int outKeySize;
unsigned int genKeySize;
+ PRBool quickMode = PR_FALSE;
CK_RV crv;
prfContext context;
@@ -748,6 +749,11 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
crv = CKR_KEY_HANDLE_INVALID;
goto fail;
}
+ quickMode = PR_TRUE;
+ }
+
+ if (params->ulExtraDataLen !=0) {
+ quickMode = PR_TRUE;
}
macSize = prf_length(&context);
@@ -756,10 +762,16 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
keySize = macSize;
}
- if (keySize <= inKey->attrib.ulValueLen) {
+ /* In appendix B, we are just expanding or contracting a single key.
+ * If the input key is less than equal the the key size we want, just
+ * subset the original key. In quick mode we are actually getting new
+ * keys (salted with our seed data and our gxy key), so we want to run
+ * through our algorithm */
+ if ((!quickMode) && (keySize <= inKey->attrib.ulValueLen)) {
return sftk_forceAttribute(outKey, CKA_VALUE,
inKey->attrib.pValue, keySize);
}
+
outKeySize = PR_ROUNDUP(keySize, macSize);
outKeyData = PORT_Alloc(outKeySize);
if (outKeyData == NULL) {

View File

@ -0,0 +1,24 @@
diff -up ./coreconf/config.gypi.orig ./coreconf/config.gypi
--- ./coreconf/config.gypi.orig 2020-06-16 15:50:59.000000000 -0700
+++ ./coreconf/config.gypi 2020-10-15 16:05:37.542761192 -0700
@@ -363,7 +363,7 @@
'_DEFAULT_SOURCE', # for <endian.h> functions, strdup, realpath, and getentropy
'_BSD_SOURCE', # for the above in glibc <= 2.19
'_POSIX_SOURCE', # for <signal.h>
- 'SQL_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls
+ 'SDB_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls
],
}],
[ 'OS=="dragonfly" or OS=="freebsd"', {
diff -up ./coreconf/Linux.mk.orig ./coreconf/Linux.mk
--- ./coreconf/Linux.mk.orig 2020-10-15 16:05:04.794591674 -0700
+++ ./coreconf/Linux.mk 2020-10-15 16:05:37.543761197 -0700
@@ -21,7 +21,7 @@ ifeq ($(USE_PTHREADS),1)
endif
DEFAULT_COMPILER = gcc
-DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSQL_MEASURE_USE_TEMP_DIR
+DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSDB_MEASURE_USE_TEMP_DIR
ifeq ($(OS_TARGET),Android)
ifndef ANDROID_NDK

View File

@ -0,0 +1,21 @@
diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes ./gtests/softoken_gtest/softoken_dh_vectors.h
--- ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes 2020-10-04 00:52:25.008998541 +0300
+++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2020-10-04 00:54:50.095503256 +0300
@@ -2869,7 +2869,7 @@ static const DhTestVector DH_TEST_VECTOR
{siBuffer, (unsigned char *)g2, sizeof(g2)},
{siBuffer, NULL, 0},
{siBuffer, NULL, 0},
- IKE_APPROVED,
+ SAFE_PRIME,
CLASS_1536},
{"IKE 2048",
{siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
@@ -2949,7 +2949,7 @@ static const DhTestVector DH_TEST_VECTOR
{siBuffer, (unsigned char *)sub2_prime_ike_1536,
sizeof(sub2_prime_ike_1536)},
{siBuffer, NULL, 0},
- IKE_APPROVED,
+ SAFE_PRIME,
CLASS_1536},
{"IKE 2048 with subprime",
{siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},

View File

@ -0,0 +1,53 @@
diff -up ./lib/softoken/pkcs11c.c.orig ./lib/softoken/pkcs11c.c
--- ./lib/softoken/pkcs11c.c.orig 2020-10-15 16:06:47.380122702 -0700
+++ ./lib/softoken/pkcs11c.c 2020-10-15 16:07:56.891482521 -0700
@@ -5101,7 +5101,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
/* subprime not supplied, In this case look it up.
* This only works with approved primes, but in FIPS mode
* that's the only kine of prime that will get here */
- subPrimePtr = sftk_VerifyDH_Prime(&prime);
+ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS);
if (subPrimePtr == NULL) {
crv = CKR_GENERAL_ERROR;
goto done;
@@ -8293,7 +8293,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
/* if the prime is an approved prime, we can skip all the other
* checks. */
- subPrime = sftk_VerifyDH_Prime(&dhPrime);
+ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS);
if (subPrime == NULL) {
SECItem dhSubPrime;
/* In FIPS mode we only accept approved primes */
diff -up ./lib/softoken/pkcs11i.h.orig ./lib/softoken/pkcs11i.h
--- ./lib/softoken/pkcs11i.h.orig 2020-10-15 16:06:47.380122702 -0700
+++ ./lib/softoken/pkcs11i.h 2020-10-15 16:07:56.892482526 -0700
@@ -926,7 +926,7 @@ char **NSC_ModuleDBFunc(unsigned long fu
/* dh verify functions */
/* verify that dhPrime matches one of our known primes, and if so return
* it's subprime value */
-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
+const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS);
/* check if dhSubPrime claims dhPrime is a safe prime. */
SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
diff -up ./lib/softoken/sftkdhverify.c.orig ./lib/softoken/sftkdhverify.c
--- ./lib/softoken/sftkdhverify.c.orig 2020-10-15 16:06:47.370122650 -0700
+++ ./lib/softoken/sftkdhverify.c 2020-10-15 16:07:56.893482531 -0700
@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192=
* verify that dhPrime matches one of our known primes
*/
const SECItem *
-sftk_VerifyDH_Prime(SECItem *dhPrime)
+sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS)
{
/* use the length to decide which primes to check */
switch (dhPrime->len) {
case 1536 / PR_BITS_PER_BYTE:
+ /* don't accept 1536 bit primes in FIPS mode */
+ if (isFIPS) {
+ break;
+ }
if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
sizeof(prime_ike_1536)) == 0) {
return &subprime_ike_1536;

View File

@ -0,0 +1,305 @@
# HG changeset patch
# User Robert Relyea <rrelyea@redhat.com>
# Date 1603492441 25200
# Node ID 33f920fcd1753d2b8f4a5e4f31e317c102d8cbfe
# Parent e3bd9c2f925932b301440fb07ea1228f2d4e39ac
Bug 1666891 - Add PK11_Pub{Wrap,Unwrap}SymKeyWithMechanism r=mt,rrelyea
Summary
This is useful for RSA-OAEP support.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubWrapSymKey lacks a way of providing this context and
historically silently converted CKM_RSA_PKCS_OAEP to CKM_RSA_PKCS when
a RSA key is provided. Introducing a new call will let us indicate
parameters and potentially support other mechanisms in the future.
This call mirrors the earlier calls introduced for RSA-PSS:
PK11_SignWithMechanism and PK11_VerifyWithMechanism.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubUnwrapSymKey lacks a way of providing this context,
and additionally lacked a way of indicating which mechanism type to use
for the unwrap operation (instead detecting it by key type). Introducing
a new call will let us indicate parameters and potentially support other
mechanisms in the future.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
Differential Revision: https://phabricator.services.mozilla.com/D93424
diff --git a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
--- a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
+++ b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
@@ -111,9 +111,76 @@ INSTANTIATE_TEST_CASE_P(
INSTANTIATE_TEST_CASE_P(
WycheproofOaep2048Sha512Sha1Test, RsaOaepWycheproofTest,
::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha1WycheproofVectors));
INSTANTIATE_TEST_CASE_P(
WycheproofOaep2048Sha512Sha512Test, RsaOaepWycheproofTest,
::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha512WycheproofVectors));
+
+TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwrap) {
+ const size_t kRsaKeyBits = 2048;
+ const size_t kwrappedBufLen = 4096;
+
+ SECStatus rv = SECFailure;
+
+ ScopedSECKEYPrivateKey priv;
+ ScopedSECKEYPublicKey pub;
+ PK11RSAGenParams rsa_params;
+ rsa_params.keySizeInBits = kRsaKeyBits;
+ rsa_params.pe = 65537;
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(slot, nullptr);
+
+ SECKEYPublicKey* p_pub_tmp = nullptr;
+ priv.reset(PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN,
+ &rsa_params, &p_pub_tmp, false, false,
+ nullptr));
+ pub.reset(p_pub_tmp);
+
+ ASSERT_NE(priv.get(), nullptr);
+ ASSERT_NE(pub.get(), nullptr);
+
+ ScopedPK11SymKey to_wrap(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+
+ CK_RSA_PKCS_OAEP_PARAMS oaep_params = {CKM_SHA256, CKG_MGF1_SHA256,
+ CKZ_DATA_SPECIFIED, NULL, 0};
+
+ SECItem param = {siBuffer, (unsigned char*)&oaep_params, sizeof(oaep_params)};
+
+ ScopedSECItem wrapped(SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen));
+ rv = PK11_PubWrapSymKeyWithMechanism(pub.get(), CKM_RSA_PKCS_OAEP, &param,
+ to_wrap.get(), wrapped.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ PK11SymKey* p_unwrapped_tmp = nullptr;
+
+ // This fails because this method is broken and assumes CKM_RSA_PKCS and
+ // doesn't understand OAEP.
+ p_unwrapped_tmp = PK11_PubUnwrapSymKey(priv.get(), wrapped.get(), CKM_AES_CBC,
+ CKA_DECRYPT, 16);
+ ASSERT_EQ(p_unwrapped_tmp, nullptr);
+
+ ScopedPK11SymKey unwrapped;
+ p_unwrapped_tmp = PK11_PubUnwrapSymKeyWithMechanism(
+ priv.get(), CKM_RSA_PKCS_OAEP, &param, wrapped.get(), CKM_AES_CBC,
+ CKA_DECRYPT, 16);
+ ASSERT_NE(p_unwrapped_tmp, nullptr);
+
+ unwrapped.reset(p_unwrapped_tmp);
+
+ // Extract key's value in order to validate decryption worked.
+ rv = PK11_ExtractKeyValue(to_wrap.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ rv = PK11_ExtractKeyValue(unwrapped.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ // References owned by PKCS#11 layer; no need to scope and free.
+ SECItem* expectedItem = PK11_GetKeyData(to_wrap.get());
+ SECItem* actualItem = PK11_GetKeyData(unwrapped.get());
+
+ ASSERT_EQ(SECITEM_CompareItem(actualItem, expectedItem), 0);
+}
} // namespace nss_test
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1181,3 +1181,10 @@ SECMOD_GetSystemFIPSEnabled;
;+ local:
;+ *;
;+};
+;+NSS_3.59 { # NSS 3.59 release
+;+ global:
+PK11_PubWrapSymKeyWithMechanism;
+PK11_PubUnwrapSymKeyWithMechanism;
+;+ local:
+;+ *;
+;+};
diff --git a/lib/pk11wrap/pk11pub.h b/lib/pk11wrap/pk11pub.h
--- a/lib/pk11wrap/pk11pub.h
+++ b/lib/pk11wrap/pk11pub.h
@@ -352,16 +352,21 @@ void PK11_SetSymKeyUserData(PK11SymKey *
* will return NULL. Returned data is still owned and managed by the SymKey,
* the caller should not free the data.
*
*/
void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
PK11SymKey *symKey, SECItem *wrappedKey);
+SECStatus PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey,
+ CK_MECHANISM_TYPE mechType,
+ SECItem *param,
+ PK11SymKey *symKey,
+ SECItem *wrappedKey);
SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
/* move a key to 'slot' optionally set the key attributes according to either
* operation or the flags and making the key permanent at the same time.
* If the key is moved to the same slot, operation and flags values are
* currently ignored */
PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
CK_FLAGS flags, PRBool perm, PK11SymKey *symKey);
@@ -446,16 +451,23 @@ PK11SymKey *PK11_UnwrapSymKeyWithFlagsPe
* PK11_PubUnwrap returns a key which can do exactly one operation, and is
* ephemeral (session key).
* PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can
* use * CKF_ flags to enable more than one operation, and optionally make
* the key permanent (token key).
*/
PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
+PK11SymKey *PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *key,
+ CK_MECHANISM_TYPE mechType,
+ SECItem *param,
+ SECItem *wrapppedKey,
+ CK_MECHANISM_TYPE target,
+ CK_ATTRIBUTE_TYPE operation,
+ int keySize);
PK11SymKey *PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
SECItem *wrappedKey, CK_MECHANISM_TYPE target,
CK_ATTRIBUTE_TYPE operation, int keySize,
CK_FLAGS flags, PRBool isPerm);
PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
SECItem *keyID, void *wincx);
SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force);
SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c
--- a/lib/pk11wrap/pk11skey.c
+++ b/lib/pk11wrap/pk11skey.c
@@ -1270,53 +1270,69 @@ PK11_ConvertSessionSymKeyToTokenSymKey(P
PORT_SetError(PK11_MapError(crv));
return NULL;
}
return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
}
-/*
- * This function does a straight public key wrap (which only RSA can do).
- * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and
- * Diffie-Hellman Ciphers. */
+/* This function does a straight public key wrap with the CKM_RSA_PKCS
+ * mechanism. */
SECStatus
PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
PK11SymKey *symKey, SECItem *wrappedKey)
{
+ CK_MECHANISM_TYPE inferred = pk11_mapWrapKeyType(pubKey->keyType);
+ return PK11_PubWrapSymKeyWithMechanism(pubKey, inferred, NULL, symKey,
+ wrappedKey);
+}
+
+/* This function wraps a symmetric key with a public key, such as with the
+ * CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP mechanisms. */
+SECStatus
+PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey,
+ CK_MECHANISM_TYPE mechType, SECItem *param,
+ PK11SymKey *symKey, SECItem *wrappedKey)
+{
PK11SlotInfo *slot;
CK_ULONG len = wrappedKey->len;
PK11SymKey *newKey = NULL;
CK_OBJECT_HANDLE id;
CK_MECHANISM mechanism;
PRBool owner = PR_TRUE;
CK_SESSION_HANDLE session;
CK_RV crv;
if (symKey == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* if this slot doesn't support the mechanism, go to a slot that does */
- newKey = pk11_ForceSlot(symKey, type, CKA_ENCRYPT);
+ newKey = pk11_ForceSlot(symKey, mechType, CKA_ENCRYPT);
if (newKey != NULL) {
symKey = newKey;
}
if (symKey->slot == NULL) {
PORT_SetError(SEC_ERROR_NO_MODULE);
return SECFailure;
}
slot = symKey->slot;
- mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType);
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
+
+ mechanism.mechanism = mechType;
+ if (param == NULL) {
+ mechanism.pParameter = NULL;
+ mechanism.ulParameterLen = 0;
+ } else {
+ mechanism.pParameter = param->data;
+ mechanism.ulParameterLen = param->len;
+ }
id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
if (id == CK_INVALID_HANDLE) {
if (newKey) {
PK11_FreeSymKey(newKey);
}
return SECFailure; /* Error code has been set. */
}
@@ -2878,30 +2894,43 @@ PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKe
templateCount = attrs - keyTemplate;
templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
wrapType, param, wrappedKey, target, operation, keySize,
wrappingKey->cx, keyTemplate, templateCount, isPerm);
}
-/* unwrap a symetric key with a private key. */
+/* unwrap a symmetric key with a private key. Only supports CKM_RSA_PKCS. */
PK11SymKey *
PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
{
CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
+
+ return PK11_PubUnwrapSymKeyWithMechanism(wrappingKey, wrapType, NULL,
+ wrappedKey, target, operation,
+ keySize);
+}
+
+/* unwrap a symmetric key with a private key with the given parameters. */
+PK11SymKey *
+PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *wrappingKey,
+ CK_MECHANISM_TYPE mechType, SECItem *param,
+ SECItem *wrappedKey, CK_MECHANISM_TYPE target,
+ CK_ATTRIBUTE_TYPE operation, int keySize)
+{
PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)) {
PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
}
- return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
- wrapType, NULL, wrappedKey, target, operation, keySize,
+ return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, mechType, param,
+ wrappedKey, target, operation, keySize,
wrappingKey->wincx, NULL, 0, PR_FALSE);
}
/* unwrap a symetric key with a private key. */
PK11SymKey *
PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
SECItem *wrappedKey, CK_MECHANISM_TYPE target,
CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)

View File

@ -0,0 +1,39 @@
diff -up ./lib/pk11wrap/pk11pars.c.policy_revert ./lib/pk11wrap/pk11pars.c
--- ./lib/pk11wrap/pk11pars.c.policy_revert 2020-11-04 10:26:59.085300799 -0800
+++ ./lib/pk11wrap/pk11pars.c 2020-11-04 10:29:52.774239468 -0800
@@ -391,12 +391,6 @@ static const oidValDef signOptList[] = {
/* Signatures */
{ CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE,
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
- { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION,
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
- { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
- { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY,
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
};
typedef struct {
@@ -412,7 +406,7 @@ static const algListsDef algOptLists[] =
{ macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE },
{ cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE },
{ kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE },
- { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE },
+ { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE },
};
static const optionFreeDef sslOptList[] = {
diff -up ./tests/ssl/sslpolicy.txt.policy_revert ./tests/ssl/sslpolicy.txt
--- ./tests/ssl/sslpolicy.txt.policy_revert 2020-11-04 10:31:20.837715397 -0800
+++ ./tests/ssl/sslpolicy.txt 2020-11-04 10:33:19.598357223 -0800
@@ -193,7 +193,9 @@
1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow
1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly
0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly
- 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
+# rsa-pkcs, rsa-pss, and ecdsa policy checking reverted in rhel8 for binary
+# compatibility reasons
+# 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
# test default settings
# NOTE: tstclient will attempt to overide the defaults, so we detect we
# were successful by locking in our settings

View File

@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: %{nss_version} Version: %{nss_version}
Release: 11%{?dist} Release: 17%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version} Requires: nspr >= %{nspr_version}
@ -93,6 +93,7 @@ Source26: key4.db.xml
Source27: secmod.db.xml Source27: secmod.db.xml
Source28: nss-p11-kit.config Source28: nss-p11-kit.config
Source29: nss-softokn-cavs-1.0.tar.gz Source29: nss-softokn-cavs-1.0.tar.gz
Source30: PayPalEE.cert
# To inject hardening flags for DSO # To inject hardening flags for DSO
Patch1: nss-dso-ldflags.patch Patch1: nss-dso-ldflags.patch
@ -142,6 +143,32 @@ Patch226: nss-disable-dc.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
Patch227: nss-3.53.1-remove-timing-tests.patch Patch227: nss-3.53.1-remove-timing-tests.patch
Patch228: nss-3.53.1-cmac-kdf-selftests.patch
Patch229: nss-3.53.1-measure-fix.patch
Patch230: nss-3.53.1-no-small-primes.patch
Patch231: nss-3.53.1-no-small-primes-tests.patch
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1666891
Patch232: nss-3.53.1-oaep-api.patch
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
Patch233: nss-3.53.1-enable-disable-policy.patch
# not everything in that patch is appropriate for rhel8 since it requires
# changes to the policy generator to wind up with a working system
Patch234: nss-3.53.1-revert_rhel8_unsafe_policy_change.patch
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
# CVE-2020-12403
Patch235: nss-3.53.1-chacha-len.patch
Patch236: nss-3.53.1-chacha-multi.patch
# CVE-2020-12400
# CVE-2020-6829
Patch237: nss-3.53.1-constant-time-p384.patch
Patch238: nss-3.53.1-constant-time-p521.patch
# IKE fix
Patch239: nss-3.53.1-ike-app-b-fix.patch
# For compatibility reasons, we stick with the old PKCS #11 2.40 # For compatibility reasons, we stick with the old PKCS #11 2.40
# definition of CK_GCM_PARAMS: # definition of CK_GCM_PARAMS:
%if 0%{?fedora} < 34 %if 0%{?fedora} < 34
@ -286,6 +313,8 @@ popd
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353 # https://bugzilla.redhat.com/show_bug.cgi?id=1247353
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \; find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
#update paypal cert (git binary patches don't work with autopatch)
cp %{SOURCE30} nss/tests/libpkix/certs/
%build %build
@ -919,6 +948,33 @@ update-crypto-policies --no-reload &> /dev/null || :
%changelog %changelog
* Thu Dec 3 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-17
- Fix various corner cases with ike v1 app b support.
* Thu Nov 19 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-16
- Fix the following CVE
- CVE-2020-12403 chacha-poly issues
- CVE-2020-12400 constant time ECC.
- CVE-2020-6829 constant time ECC.
* Wed Nov 4 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-15
- Revert some policy changes the generate ABI runtime issues.
* Thu Oct 29 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-14
- Add support for enable/disable in policy. Now if your policy
file has disallow=x enable=y it will act just like our other
libraries.
* Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-13
- Add OAEP interface so applications can wrap keys with RSA-OAEP
rather than RSA-PKCS-1.
* Mon Oct 19 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-12
- fips need to reject small primes even if they are approved
- code to autodetect whether or not to use the cache needs to do so
in a way that doesn't mess with filesystem negative file caching.
- add kdf selftests
* Thu Jul 30 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-11 * Thu Jul 30 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-11
- Fix issue with upgradedb where upgradedb expects standard to - Fix issue with upgradedb where upgradedb expects standard to
generate dbm databases, not sql databases (default in RHEL8) generate dbm databases, not sql databases (default in RHEL8)