Merge branch 'f16'
This commit is contained in:
commit
2980194bf3
19
nofipstest.patch
Normal file
19
nofipstest.patch
Normal file
@ -0,0 +1,19 @@
|
||||
diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
|
||||
--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800
|
||||
+++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800
|
||||
@@ -54,7 +54,6 @@ DIRS = lib \
|
||||
dbtest \
|
||||
derdump \
|
||||
digest \
|
||||
- fipstest \
|
||||
makepqg \
|
||||
multinit \
|
||||
ocspclnt \
|
||||
@@ -84,6 +83,7 @@ DIRS = lib \
|
||||
$(NULL)
|
||||
|
||||
TEMPORARILY_DONT_BUILD = \
|
||||
+ fipstest \
|
||||
$(NULL)
|
||||
|
||||
# rsaperf \
|
618
nosha224.patch
Normal file
618
nosha224.patch
Normal file
@ -0,0 +1,618 @@
|
||||
diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
|
||||
--- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800
|
||||
+++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800
|
||||
@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
|
||||
USE_SYSTEM_FREEBL = 1
|
||||
FREEBL_LIBS = -lfreebl3
|
||||
|
||||
+#
|
||||
+# Don't compile code that requires SHA224 if it isn't avilable
|
||||
+# Such is the case when system freebl/softokn is the 3.12 one
|
||||
+#
|
||||
+ifdef NO_SHA224_AVAILABLE
|
||||
+CFLAGS+=-DNO_SHA224_AVAILABLE
|
||||
+endif
|
||||
+
|
||||
# The -rpath '$$ORIGIN' linker option instructs this library to search for its
|
||||
# dependencies in the same directory where it resides.
|
||||
ifeq ($(BUILD_SUN_PKG), 1)
|
||||
diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
|
||||
--- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800
|
||||
@@ -686,7 +686,9 @@ typedef enum {
|
||||
bltestMD2, /* Hash algorithms */
|
||||
bltestMD5, /* . */
|
||||
bltestSHA1, /* . */
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
bltestSHA224, /* . */
|
||||
+#endif
|
||||
bltestSHA256, /* . */
|
||||
bltestSHA384, /* . */
|
||||
bltestSHA512, /* . */
|
||||
@@ -721,7 +723,9 @@ static char *mode_strings[] =
|
||||
"md2",
|
||||
"md5",
|
||||
"sha1",
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
"sha224",
|
||||
+#endif
|
||||
"sha256",
|
||||
"sha384",
|
||||
"sha512",
|
||||
@@ -1761,6 +1765,7 @@ finish:
|
||||
return rv;
|
||||
}
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
SECStatus
|
||||
SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
|
||||
{
|
||||
@@ -1800,6 +1805,7 @@ finish:
|
||||
SHA224_DestroyContext(cx, PR_TRUE);
|
||||
return rv;
|
||||
}
|
||||
+#endif
|
||||
|
||||
SECStatus
|
||||
SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
|
||||
@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
|
||||
cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
|
||||
return SECSuccess;
|
||||
break;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case bltestSHA224:
|
||||
restart = cipherInfo->params.hash.restart;
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
|
||||
cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
|
||||
: SHA224_HashBuf;
|
||||
return SECSuccess;
|
||||
+#endif
|
||||
break;
|
||||
case bltestSHA256:
|
||||
restart = cipherInfo->params.hash.restart;
|
||||
@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
|
||||
case bltestMD2: /* hash contexts are ephemeral */
|
||||
case bltestMD5:
|
||||
case bltestSHA1:
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case bltestSHA224:
|
||||
+#endif
|
||||
case bltestSHA256:
|
||||
case bltestSHA384:
|
||||
case bltestSHA512:
|
||||
@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
|
||||
case bltestMD2:
|
||||
case bltestMD5:
|
||||
case bltestSHA1:
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case bltestSHA224:
|
||||
+#endif
|
||||
case bltestSHA256:
|
||||
case bltestSHA384:
|
||||
case bltestSHA512:
|
||||
diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
|
||||
--- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800
|
||||
+++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800
|
||||
@@ -41,6 +41,10 @@
|
||||
#include "blapi.h"
|
||||
#include "secutil.h"
|
||||
|
||||
+#ifdef NO_SHA224_AVAILABLE
|
||||
+PRBool BLAPI_SHVerifyFile(const char *shName);
|
||||
+#endif
|
||||
+
|
||||
static int Usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
|
||||
diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
|
||||
--- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700
|
||||
+++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800
|
||||
@@ -86,6 +86,14 @@ static char consoleName[] = {
|
||||
#include "nssutil.h"
|
||||
#include "ssl.h"
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
|
||||
void
|
||||
SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
|
||||
@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
|
||||
{ 0 }
|
||||
};
|
||||
|
||||
+/* if no sha224 then no psapss either */
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
void
|
||||
secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
|
||||
{
|
||||
@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
|
||||
}
|
||||
PORT_FreeArena(pool, PR_FALSE);
|
||||
}
|
||||
+#endif
|
||||
|
||||
void
|
||||
secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
|
||||
@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
|
||||
return;
|
||||
}
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
|
||||
secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
|
||||
return;
|
||||
}
|
||||
+#endif
|
||||
|
||||
if (a->parameters.len == 0
|
||||
|| (a->parameters.len == 2
|
||||
@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
|
||||
hashAlgTag = SEC_OID_MD5;
|
||||
} else if (!PL_strcmp(alg, "SHA1")) {
|
||||
hashAlgTag = SEC_OID_SHA1;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
} else if (!PL_strcmp(alg, "SHA224")) {
|
||||
hashAlgTag = SEC_OID_SHA224;
|
||||
+#endif
|
||||
} else if (!PL_strcmp(alg, "SHA256")) {
|
||||
hashAlgTag = SEC_OID_SHA256;
|
||||
} else if (!PL_strcmp(alg, "SHA384")) {
|
||||
diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
|
||||
--- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800
|
||||
+++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800
|
||||
@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
|
||||
|
||||
mech_str digestMechs[] = {
|
||||
{CKM_SHA_1, "CKM_SHA_1 "},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{CKM_SHA224, "CKM_SHA224"},
|
||||
+#endif
|
||||
{CKM_SHA256, "CKM_SHA256"},
|
||||
{CKM_SHA384, "CKM_SHA384"},
|
||||
{CKM_SHA512, "CKM_SHA512"}
|
||||
};
|
||||
mech_str hmacMechs[] = {
|
||||
{CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
|
||||
+#endif
|
||||
{CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
|
||||
{CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
|
||||
{CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
|
||||
};
|
||||
mech_str sigRSAMechs[] = {
|
||||
{CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
|
||||
+#endif
|
||||
{CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
|
||||
{CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
|
||||
{CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
|
||||
diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
|
||||
--- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800
|
||||
@@ -91,10 +91,12 @@ sha1_NewContext(void) {
|
||||
return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
|
||||
}
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
static void *
|
||||
sha224_NewContext(void) {
|
||||
return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
|
||||
}
|
||||
+#endif
|
||||
|
||||
static void *
|
||||
sha256_NewContext(void) {
|
||||
@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
|
||||
SHA512_BLOCK_LENGTH,
|
||||
HASH_AlgSHA512
|
||||
},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{ SHA224_LENGTH,
|
||||
(void * (*)(void)) sha224_NewContext,
|
||||
(void * (*)(void *)) PK11_CloneContext,
|
||||
@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
|
||||
SHA224_BLOCK_LENGTH,
|
||||
HASH_AlgSHA224
|
||||
},
|
||||
+#endif
|
||||
};
|
||||
|
||||
const SECHashObject *
|
||||
@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
|
||||
case SEC_OID_MD2: ht = HASH_AlgMD2; break;
|
||||
case SEC_OID_MD5: ht = HASH_AlgMD5; break;
|
||||
case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
|
||||
+#endif
|
||||
case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
|
||||
case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
|
||||
case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
|
||||
@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
|
||||
/* no oid exists for HMAC_MD2 */
|
||||
/* NSS does not define a oid for HMAC_MD4 */
|
||||
case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
|
||||
+#endif
|
||||
case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
|
||||
case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
|
||||
case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
|
||||
@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
|
||||
/* no oid exists for HMAC_MD2 */
|
||||
/* NSS does not define a oid for HMAC_MD4 */
|
||||
case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
|
||||
+#endif
|
||||
case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
|
||||
case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
|
||||
case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
|
||||
diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
|
||||
--- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800
|
||||
@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
|
||||
* should be handing us a cipher type */
|
||||
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
|
||||
+#endif
|
||||
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
|
||||
diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
|
||||
--- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800
|
||||
@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
|
||||
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
|
||||
*hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
|
||||
break;
|
||||
-
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
|
||||
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
|
||||
*hashalg = SEC_OID_SHA224;
|
||||
break;
|
||||
+#endif
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
|
||||
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
|
||||
*hashalg = SEC_OID_SHA256;
|
||||
@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
|
||||
len = SECKEY_PublicKeyStrength(key);
|
||||
if (len < 28) { /* 28 bytes == 224 bits */
|
||||
*hashalg = SEC_OID_SHA1;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
} else if (len < 32) { /* 32 bytes == 256 bits */
|
||||
*hashalg = SEC_OID_SHA224;
|
||||
+#endif
|
||||
} else if (len < 48) { /* 48 bytes == 384 bits */
|
||||
*hashalg = SEC_OID_SHA256;
|
||||
} else if (len < 64) { /* 48 bytes == 512 bits */
|
||||
@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
|
||||
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
|
||||
case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
|
||||
+#endif
|
||||
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
|
||||
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
|
||||
@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
|
||||
*encalg = SEC_OID_MISSI_DSS;
|
||||
break;
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
|
||||
+#endif
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
|
||||
case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
|
||||
diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
|
||||
--- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800
|
||||
@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
|
||||
extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
|
||||
|
||||
/******************************************/
|
||||
-
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
extern SHA224Context *SHA224_NewContext(void);
|
||||
extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
|
||||
extern void SHA224_Begin(SHA224Context *cx);
|
||||
@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
|
||||
extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
|
||||
extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
|
||||
extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
|
||||
+#endif
|
||||
|
||||
/******************************************/
|
||||
|
||||
diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
|
||||
--- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800
|
||||
@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
|
||||
JPAKE_Verify,
|
||||
JPAKE_Round2,
|
||||
JPAKE_Final,
|
||||
-
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/* End of Version 3.012 */
|
||||
|
||||
TLS_P_hash,
|
||||
@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
|
||||
SHA224_Resurrect,
|
||||
SHA224_Clone,
|
||||
BLAPI_SHVerifyFile
|
||||
-
|
||||
+#endif
|
||||
/* End of Version 3.013 */
|
||||
};
|
||||
|
||||
diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
|
||||
--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800
|
||||
@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
|
||||
0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
|
||||
0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
|
||||
0xe0,0x68,0x47,0x7a};
|
||||
-
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/* SHA-224 Known Digest Message (224-bits). */
|
||||
static const PRUint8 sha224_known_digest[] = {
|
||||
0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
|
||||
0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
|
||||
0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
|
||||
0x9a,0xb8,0x98,0x4e};
|
||||
-
|
||||
+#endif
|
||||
/* SHA-256 Known Digest Message (256-bits). */
|
||||
static const PRUint8 sha256_known_digest[] = {
|
||||
0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
|
||||
@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
|
||||
( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
|
||||
SHA1_LENGTH ) != 0 ) )
|
||||
return( CKR_DEVICE_ERROR );
|
||||
-
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/***************************************************/
|
||||
/* SHA-224 Single-Round Known Answer Hashing Test. */
|
||||
/***************************************************/
|
||||
@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
|
||||
( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
|
||||
SHA224_LENGTH ) != 0 ) )
|
||||
return( CKR_DEVICE_ERROR );
|
||||
-
|
||||
+#endif
|
||||
/***************************************************/
|
||||
/* SHA-256 Single-Round Known Answer Hashing Test. */
|
||||
/***************************************************/
|
||||
diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
|
||||
--- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800
|
||||
@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
|
||||
SHA512_BLOCK_LENGTH,
|
||||
HASH_AlgSHA512
|
||||
},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{ SHA224_LENGTH,
|
||||
(void * (*)(void)) SHA224_NewContext,
|
||||
(void * (*)(void *)) null_hash_clone_context,
|
||||
@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
|
||||
SHA224_BLOCK_LENGTH,
|
||||
HASH_AlgSHA224
|
||||
},
|
||||
+#endif
|
||||
};
|
||||
|
||||
const SECHashObject *
|
||||
diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
|
||||
--- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
|
||||
@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
|
||||
memcpy(dest, src, sizeof *dest);
|
||||
}
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/* ============= SHA224 implementation ================================== */
|
||||
|
||||
/* SHA-224 initial hash values */
|
||||
@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
|
||||
{
|
||||
SHA256_Clone(dest, src);
|
||||
}
|
||||
-
|
||||
+#endif
|
||||
|
||||
/* ======= SHA512 and SHA384 common constants and defines ================= */
|
||||
|
||||
diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
|
||||
--- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800
|
||||
@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
|
||||
0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
|
||||
0x5d, 0x0e, 0x1e, 0x11};
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/* known SHA224 hmac (28 bytes) */
|
||||
static const PRUint8 known_SHA224_hmac[] = {
|
||||
0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
|
||||
0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
|
||||
0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
|
||||
0x9a, 0xb8, 0x98, 0x4e};
|
||||
+#endif
|
||||
|
||||
/* known SHA256 hmac (32 bytes) */
|
||||
static const PRUint8 known_SHA256_hmac[] = {
|
||||
@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
|
||||
/* HMAC SHA-224 Single-Round Known Answer Test. */
|
||||
/***************************************************/
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
hmac_status = sftk_fips_HMAC(hmac_computed,
|
||||
HMAC_known_secret_key,
|
||||
HMAC_known_secret_key_length,
|
||||
@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
|
||||
( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
|
||||
SHA224_LENGTH ) != 0 ) )
|
||||
return( CKR_DEVICE_ERROR );
|
||||
+#endif
|
||||
|
||||
/***************************************************/
|
||||
/* HMAC SHA-256 Single-Round Known Answer Test. */
|
||||
@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
|
||||
0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
|
||||
0xe0,0x68,0x47,0x7a};
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
/* SHA-224 Known Digest Message (224-bits). */
|
||||
static const PRUint8 sha224_known_digest[] = {
|
||||
0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
|
||||
0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
|
||||
0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
|
||||
0x8e,0x08,0xe5,0xcb};
|
||||
+#endif
|
||||
|
||||
/* SHA-256 Known Digest Message (256-bits). */
|
||||
static const PRUint8 sha256_known_digest[] = {
|
||||
@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
|
||||
/* SHA-224 Single-Round Known Answer Hashing Test. */
|
||||
/***************************************************/
|
||||
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
|
||||
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
|
||||
|
||||
@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
|
||||
( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
|
||||
SHA224_LENGTH ) != 0 ) )
|
||||
return( CKR_DEVICE_ERROR );
|
||||
+#endif
|
||||
|
||||
/***************************************************/
|
||||
/* SHA-256 Single-Round Known Answer Hashing Test. */
|
||||
diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
|
||||
--- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800
|
||||
@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
|
||||
INIT_MECH(CKM_MD2, MD2)
|
||||
INIT_MECH(CKM_MD5, MD5)
|
||||
INIT_MECH(CKM_SHA_1, SHA1)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
INIT_MECH(CKM_SHA224, SHA224)
|
||||
+#endif
|
||||
INIT_MECH(CKM_SHA256, SHA256)
|
||||
INIT_MECH(CKM_SHA384, SHA384)
|
||||
INIT_MECH(CKM_SHA512, SHA512)
|
||||
@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
|
||||
DOSUB(MD2)
|
||||
DOSUB(MD5)
|
||||
DOSUB(SHA1)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
DOSUB(SHA224)
|
||||
+#endif
|
||||
DOSUB(SHA256)
|
||||
DOSUB(SHA384)
|
||||
DOSUB(SHA512)
|
||||
@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
|
||||
INIT_RSA_SIGN_MECH(MD5)
|
||||
INIT_RSA_SIGN_MECH(MD2)
|
||||
INIT_RSA_SIGN_MECH(SHA1)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
INIT_RSA_SIGN_MECH(SHA224)
|
||||
+#endif
|
||||
INIT_RSA_SIGN_MECH(SHA256)
|
||||
INIT_RSA_SIGN_MECH(SHA384)
|
||||
INIT_RSA_SIGN_MECH(SHA512)
|
||||
@@ -2131,7 +2137,9 @@ finish_rsa:
|
||||
|
||||
INIT_HMAC_MECH(MD2)
|
||||
INIT_HMAC_MECH(MD5)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
INIT_HMAC_MECH(SHA224)
|
||||
+#endif
|
||||
INIT_HMAC_MECH(SHA256)
|
||||
INIT_HMAC_MECH(SHA384)
|
||||
INIT_HMAC_MECH(SHA512)
|
||||
@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
|
||||
INIT_RSA_VFY_MECH(MD5)
|
||||
INIT_RSA_VFY_MECH(MD2)
|
||||
INIT_RSA_VFY_MECH(SHA1)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
INIT_RSA_VFY_MECH(SHA224)
|
||||
+#endif
|
||||
INIT_RSA_VFY_MECH(SHA256)
|
||||
INIT_RSA_VFY_MECH(SHA384)
|
||||
INIT_RSA_VFY_MECH(SHA512)
|
||||
@@ -2626,7 +2636,9 @@ finish_rsa:
|
||||
|
||||
INIT_HMAC_MECH(MD2)
|
||||
INIT_HMAC_MECH(MD5)
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
INIT_HMAC_MECH(SHA224)
|
||||
+#endif
|
||||
INIT_HMAC_MECH(SHA256)
|
||||
INIT_HMAC_MECH(SHA384)
|
||||
INIT_HMAC_MECH(SHA512)
|
||||
diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
|
||||
--- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800
|
||||
+++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800
|
||||
@@ -311,8 +311,10 @@ static const struct mechanismList mechan
|
||||
CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
|
||||
CKF_SN_VR}, PR_TRUE},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
|
||||
CKF_SN_VR}, PR_TRUE},
|
||||
+#endif
|
||||
{CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
|
||||
CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
|
||||
@@ -401,9 +403,11 @@ static const struct mechanismList mechan
|
||||
{CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
|
||||
{CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
{CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE},
|
||||
{CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
+#endif
|
||||
{CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE},
|
||||
{CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
|
||||
--- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800
|
||||
@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
|
||||
case CKM_SHA_1:
|
||||
case CKG_MGF1_SHA1:
|
||||
return HASH_AlgSHA1;
|
||||
+#ifndef NO_SHA224_AVAILABLE
|
||||
case CKM_SHA224:
|
||||
case CKG_MGF1_SHA224:
|
||||
return HASH_AlgSHA224;
|
||||
+#endif
|
||||
case CKM_SHA256:
|
||||
case CKG_MGF1_SHA256:
|
||||
return HASH_AlgSHA256;
|
||||
diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
|
||||
--- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700
|
||||
+++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800
|
||||
@@ -73,7 +73,6 @@
|
||||
0 md2_-H MD2_Hash
|
||||
0 md5_-H MD5_Hash
|
||||
0 sha1_-H SHA1_Hash
|
||||
- 0 sha224_-H SHA224_Hash
|
||||
0 sha256_-H SHA256_Hash
|
||||
0 sha384_-H SHA384_Hash
|
||||
0 sha512_-H SHA512_Hash
|
56
nss.spec
56
nss.spec
@ -1,26 +1,25 @@
|
||||
%global nspr_version 4.8.9
|
||||
%global nss_util_version 3.13.1
|
||||
%global nss_softokn_version 3.13.1
|
||||
%global nss_softokn_fips_version 3.12.9
|
||||
%global nss_softokn_version 3.13.1
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.13.1
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
Requires: nspr >= %{nspr_version}
|
||||
Requires: nss-util >= %{nss_util_version}
|
||||
# TODO: change from nss_softokn_fips_version back to nss_softokn_version
|
||||
# once we are done with the merge
|
||||
# TODO: revert to same version as nss once we are done with the merge
|
||||
Requires: nss-softokn%{_isa} >= %{nss_softokn_fips_version}
|
||||
Requires: nss-system-init
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
# TODO: change from nss_softokn_fips_version back to nss_softokn_version
|
||||
# once we are done with the merge
|
||||
# TODO: revert to same version as nss once we are done with the merge
|
||||
# Using '>=' but on RHEL the requires should be '='
|
||||
BuildRequires: nss-softokn-devel >= %{nss_softokn_fips_version}
|
||||
BuildRequires: nss-util-devel >= %{nss_util_version}
|
||||
BuildRequires: sqlite-devel
|
||||
@ -65,7 +64,14 @@ Patch20: nsspem-createobject-initialize-pointer.patch
|
||||
Patch21: 0001-libnsspem-rhbz-734760.patch
|
||||
Patch22: nsspem-init-inform-not-thread-safe.patch
|
||||
Patch23: nss-ckbi-1.88.rtm.patch
|
||||
Patch24: gnuc-minor-def-fix.patch
|
||||
# must statically link pem against the 3.12.x system freebl in the buildroot
|
||||
Patch25: nsspem-use-system-freebl.patch
|
||||
# don't compile the fipstest application
|
||||
Patch26: nofipstest.patch
|
||||
# sha224 isn't available we use 3.12 softokn
|
||||
Patch27: nosha224.patch
|
||||
# Get rid of it as soon as we can
|
||||
Patch28: terminalrecord.patch
|
||||
|
||||
|
||||
%description
|
||||
@ -126,7 +132,8 @@ Group: Development/Libraries
|
||||
Provides: nss-pkcs11-devel-static = %{version}-%{release}
|
||||
Requires: nss-devel = %{version}-%{release}
|
||||
# TODO: revert to using nss_softokn_version once we are done with
|
||||
# merging Rawhide into to the next RHEL version
|
||||
# the merge into to new rhel git repo
|
||||
# For RHEL we should have '=' instead of '>='
|
||||
Requires: nss-softokn-freebl-devel >= %{nss_softokn_fips_version}
|
||||
|
||||
%description pkcs11-devel
|
||||
@ -142,14 +149,18 @@ low level services.
|
||||
%patch3 -p0 -b .transitional
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch7 -p0 -b .642433
|
||||
%patch8 -p1 -b .695011
|
||||
%patch8 -p1 -b .695011
|
||||
%patch16 -p0 -b .539183
|
||||
%patch18 -p0 -b .646045
|
||||
%patch20 -p1 -b .717338
|
||||
%patch21 -p1 -b .734760
|
||||
%patch22 -p0 -b .736410
|
||||
%patch23 -p0 -b .ckbi188
|
||||
%patch24 -p1 -b .gnuc-minor
|
||||
# link pem against buildroot's 3.12 freebl
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
%patch26 -p0 -b .nofipstest
|
||||
%patch27 -p0 -b .nosha224
|
||||
%patch28 -p0 -b .terminalrecord
|
||||
|
||||
|
||||
%build
|
||||
@ -219,8 +230,9 @@ export NSS_ECC_MORE_THAN_SUITE_B
|
||||
# Set up our package file
|
||||
# The nspr_version and nss_{util|softokn}_version globals used
|
||||
# here match the ones nss has for its Requires.
|
||||
# TODO: change from nss_softokn_fips_version back to nss_softokn_version
|
||||
# once we are done with the merge
|
||||
# TODO: using %%{nss_softokn_fips_version} for rhel
|
||||
# but for fefora we will revert to nss_softokn_version after
|
||||
# the merge is completed
|
||||
%{__mkdir_p} ./mozilla/dist/pkgconfig
|
||||
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
||||
-e "s,%%prefix%%,%{_prefix},g" \
|
||||
@ -229,7 +241,7 @@ export NSS_ECC_MORE_THAN_SUITE_B
|
||||
-e "s,%%NSS_VERSION%%,%{version},g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_fips_version},g" > \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_version},g" > \
|
||||
./mozilla/dist/pkgconfig/nss.pc
|
||||
|
||||
NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
|
||||
@ -562,16 +574,16 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 28 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-5
|
||||
- Dropping the %%{?_isa} from Requires: nss-system-init as it causes problems
|
||||
* Sun Dec 04 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-6
|
||||
- Statically link the pem module against system freebl found in buildroot
|
||||
- Disabling sha224-related powerup selftest until we update softokn
|
||||
- Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support
|
||||
|
||||
* Sun Nov 27 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-4
|
||||
- Changed the minimum required softokn version to nss_softokn_fips_version
|
||||
- This is a temporary change to enable merging into the new rhel git repo
|
||||
- Using Requires: nss-system-init%%{?_isa} to prevent multilib install problems (rhbz#751694)
|
||||
|
||||
* Thu Nov 09 2011 Dan Williams <dcbw@redhat.com> - 3.13.1-3
|
||||
- Fix builds of packages that use NSS due to a small header file error
|
||||
* Fri Dec 02 2011 Elio Maldonado Batiz <emaldona@redhat.com> - 3.13.1-4
|
||||
- Rebuild with nss-softokn from 3.12 in the buildroot
|
||||
- Allows the pem module to statically link against 3.12.x freebl
|
||||
- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo
|
||||
- Build will be temprarily placed on buildroot override but not pushed in bodhi
|
||||
|
||||
* Fri Nov 04 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-2
|
||||
- Fix broken dependencies by updating the nss-util and nss-softokn versions
|
||||
|
16
nsspem-use-system-freebl.patch
Normal file
16
nsspem-use-system-freebl.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up ./mozilla/security/coreconf/Linux.mk.sytemfreebl ./mozilla/security/coreconf/Linux.mk
|
||||
--- ./mozilla/security/coreconf/Linux.mk.sytemfreebl 2011-12-03 22:07:23.924156119 -0800
|
||||
+++ ./mozilla/security/coreconf/Linux.mk 2011-12-03 22:08:28.322328345 -0800
|
||||
@@ -182,6 +182,12 @@ endif
|
||||
USE_SYSTEM_ZLIB = 1
|
||||
ZLIB_LIBS = -lz
|
||||
|
||||
+USE_SYSTEM_NSSUTIL = 1
|
||||
+NSSUTIL_LIBS = -lnssutil3
|
||||
+
|
||||
+USE_SYSTEM_FREEBL = 1
|
||||
+FREEBL_LIBS = -lfreebl3
|
||||
+
|
||||
# The -rpath '$$ORIGIN' linker option instructs this library to search for its
|
||||
# dependencies in the same directory where it resides.
|
||||
ifeq ($(BUILD_SUN_PKG), 1)
|
90
terminalrecord.patch
Normal file
90
terminalrecord.patch
Normal file
@ -0,0 +1,90 @@
|
||||
diff -up ./mozilla/security/nss/cmd/addbuiltin/addbuiltin.c.terminalrecord ./mozilla/security/nss/cmd/addbuiltin/addbuiltin.c
|
||||
--- ./mozilla/security/nss/cmd/addbuiltin/addbuiltin.c.terminalrecord 2011-12-04 21:15:47.660672521 -0800
|
||||
+++ ./mozilla/security/nss/cmd/addbuiltin/addbuiltin.c 2011-12-04 21:16:39.491674974 -0800
|
||||
@@ -52,6 +52,14 @@
|
||||
#include <io.h>
|
||||
#endif
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
void dumpbytes(unsigned char *buf, int len)
|
||||
{
|
||||
int i;
|
||||
diff -up ./mozilla/security/nss/lib/certhigh/certvfy.c.terminalrecord ./mozilla/security/nss/lib/certhigh/certvfy.c
|
||||
--- ./mozilla/security/nss/lib/certhigh/certvfy.c.terminalrecord 2011-09-13 17:28:47.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/certhigh/certvfy.c 2011-12-04 21:14:01.683678605 -0800
|
||||
@@ -56,6 +56,14 @@
|
||||
#include "pki3hack.h"
|
||||
#include "base.h"
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Check the validity times of a certificate
|
||||
*/
|
||||
diff -up ./mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c.terminalrecord ./mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
|
||||
--- ./mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c.terminalrecord 2011-09-14 16:16:16.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c 2011-12-04 21:14:01.684678605 -0800
|
||||
@@ -43,6 +43,14 @@
|
||||
|
||||
#include "pkix_pl_cert.h"
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
extern PKIX_PL_HashTable *cachedCertSigTable;
|
||||
|
||||
/* --Private-Cert-Functions------------------------------------- */
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11nobj.c.terminalrecord ./mozilla/security/nss/lib/pk11wrap/pk11nobj.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11nobj.c.terminalrecord 2011-04-12 17:10:26.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11nobj.c 2011-12-04 21:14:01.685678605 -0800
|
||||
@@ -62,6 +62,14 @@
|
||||
#include "pki.h"
|
||||
#include "pkim.h"
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
extern const NSSError NSS_ERROR_NOT_FOUND;
|
||||
|
||||
CK_TRUST
|
||||
diff -up ./mozilla/security/nss/lib/pki/pki3hack.c.terminalrecord ./mozilla/security/nss/lib/pki/pki3hack.c
|
||||
--- ./mozilla/security/nss/lib/pki/pki3hack.c.terminalrecord 2011-04-12 17:10:26.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/pki/pki3hack.c 2011-12-04 21:14:01.686678605 -0800
|
||||
@@ -76,6 +76,14 @@ static const char CVS_ID[] = "@(#) $RCSf
|
||||
#include "secmod.h"
|
||||
#include "nssrwlk.h"
|
||||
|
||||
+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
|
||||
+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
|
||||
+ * but invisible here for some reason
|
||||
+ */
|
||||
+#ifndef CERTDB_TERMINAL_RECORD
|
||||
+#define CERTDB_TERMINAL_RECORD (1<<0)
|
||||
+#endif
|
||||
+
|
||||
NSSTrustDomain *g_default_trust_domain = NULL;
|
||||
|
||||
NSSCryptoContext *g_default_crypto_context = NULL;
|
Loading…
Reference in New Issue
Block a user