import nss-3.79.0-14.el9_0
This commit is contained in:
parent
1f6c532230
commit
456ee9860c
173
SOURCES/fips_algorithms.h
Normal file
173
SOURCES/fips_algorithms.h
Normal file
@ -0,0 +1,173 @@
|
|||||||
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Vendors should replace this header file with the file containing those
|
||||||
|
* algorithms which have NIST algorithm Certificates.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* handle special cases. Classes require existing code to already be
|
||||||
|
* in place for that class */
|
||||||
|
typedef enum {
|
||||||
|
SFTKFIPSNone = 0,
|
||||||
|
SFTKFIPSDH, /* allow only specific primes */
|
||||||
|
SFTKFIPSECC, /* not just keys but specific curves */
|
||||||
|
SFTKFIPSAEAD /* single shot AEAD functions not allowed in FIPS mode */
|
||||||
|
} SFTKFIPSSpecialClass;
|
||||||
|
|
||||||
|
typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList;
|
||||||
|
struct SFTKFIPSAlgorithmListStr {
|
||||||
|
CK_MECHANISM_TYPE type;
|
||||||
|
CK_MECHANISM_INFO info;
|
||||||
|
CK_ULONG step;
|
||||||
|
SFTKFIPSSpecialClass special;
|
||||||
|
};
|
||||||
|
|
||||||
|
SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
|
||||||
|
/* A sample set of algorithms to allow basic testing in our continous
|
||||||
|
* testing infrastructure. The vendor version should replace this with
|
||||||
|
* a version that matches their algorithm testing and security policy */
|
||||||
|
/* NOTE, This looks a lot like the PKCS #11 mechanism list in pkcs11.c, it
|
||||||
|
* differs in the following ways:
|
||||||
|
* 1) the addition of step and class elements to help restrict
|
||||||
|
* the supported key sizes and types.
|
||||||
|
* 2) The mechanism flags are restricted to only those that map to
|
||||||
|
* fips approved operations.
|
||||||
|
* 3) All key sizes are in bits, independent of mechanism.
|
||||||
|
* 4) You can add more then one entry for the same mechanism to handle
|
||||||
|
* multiple descrete keys where the MIN/MAX/STEP semantics doesn't apply
|
||||||
|
* or where different operations have different key requirements.
|
||||||
|
* This table does not encode all the modules legal FIPS semantics, only
|
||||||
|
* those semantics that might possibly change due to algorithms dropping
|
||||||
|
* of the security policy late in the process. */
|
||||||
|
/* handy common flag types */
|
||||||
|
#define CKF_KPG CKF_GENERATE_KEY_PAIR
|
||||||
|
#define CKF_GEN CKF_GENERATE
|
||||||
|
#define CKF_SGN (CKF_SIGN | CKF_VERIFY)
|
||||||
|
#define CKF_ENC (CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP)
|
||||||
|
#define CKF_KEK (CKF_WRAP | CKF_UNWRAP)
|
||||||
|
#define CKF_KEA CKF_DERIVE
|
||||||
|
#define CKF_KDF CKF_DERIVE
|
||||||
|
#define CKF_HSH CKF_DIGEST
|
||||||
|
#define CK_MAX 0xffffffffUL
|
||||||
|
/* mechanisms using the same key types share the same key type
|
||||||
|
* limits */
|
||||||
|
#define RSA_FB_KEY 2048, 4096 /* min, max */
|
||||||
|
#define RSA_FB_STEP 1
|
||||||
|
#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */
|
||||||
|
#define RSA_LEGACY_FB_STEP 256
|
||||||
|
|
||||||
|
#define DSA_FB_KEY 2048, 4096 /* min, max */
|
||||||
|
#define DSA_FB_STEP 1024
|
||||||
|
#define DH_FB_KEY 2048, 8192 /* min, max */
|
||||||
|
#define DH_FB_STEP 1024
|
||||||
|
#define EC_FB_KEY 256, 521 /* min, max */
|
||||||
|
#define EC_FB_STEP 1 /* key limits handled by special operation */
|
||||||
|
#define AES_FB_KEY 128, 256
|
||||||
|
#define AES_FB_STEP 64
|
||||||
|
{ CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
|
||||||
|
/* -------------- RSA Multipart Signing Operations -------------------- */
|
||||||
|
{ CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA224_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
/* ------------------------- DSA Operations --------------------------- */
|
||||||
|
{ CKM_DSA_SHA224, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_DSA_SHA256, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_DSA_SHA384, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_DSA_SHA512, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||||
|
/* -------------------- Diffie Hellman Operations --------------------- */
|
||||||
|
/* no diffie hellman yet */
|
||||||
|
{ CKM_DH_PKCS_KEY_PAIR_GEN, { DH_FB_KEY, CKF_KPG }, DH_FB_STEP, SFTKFIPSDH },
|
||||||
|
{ CKM_DH_PKCS_DERIVE, { DH_FB_KEY, CKF_KEA }, DH_FB_STEP, SFTKFIPSDH },
|
||||||
|
/* -------------------- Elliptic Curve Operations --------------------- */
|
||||||
|
{ CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
{ CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
{ CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
{ CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
{ CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
{ CKM_ECDSA_SHA512, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||||
|
/* ------------------------- RC2 Operations --------------------------- */
|
||||||
|
/* ------------------------- AES Operations --------------------------- */
|
||||||
|
{ CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CTS, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_CTR, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_GCM, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSAEAD },
|
||||||
|
{ CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
{ CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||||
|
/* ------------------------- Hashing Operations ----------------------- */
|
||||||
|
{ CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA224_HMAC_GENERAL, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_HMAC, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_HMAC_GENERAL, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_HMAC, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_HMAC_GENERAL, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_HMAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_HMAC_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
/* --------------------- Secret Key Operations ------------------------ */
|
||||||
|
{ CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
/* ---------------------- SSL/TLS operations ------------------------- */
|
||||||
|
{ CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA256_KEY_DERIVATION, { 112, 256, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA384_KEY_DERIVATION, { 112, 284, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SHA512_KEY_DERIVATION, { 112, 512, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SSL3_PRE_MASTER_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_TLS_PRF_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||||
|
/* sigh, is this algorithm really tested. ssl doesn't seem to have a
|
||||||
|
* way of turning the extension off */
|
||||||
|
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone },
|
||||||
|
|
||||||
|
/* ------------------------- HKDF Operations -------------------------- */
|
||||||
|
{ CKM_HKDF_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_HKDF_DATA, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone },
|
||||||
|
/* ------------------ NIST 800-108 Key Derivations ------------------- */
|
||||||
|
{ CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
/* --------------------IPSEC ----------------------- */
|
||||||
|
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_IKE_PRF_DERIVE, { 112, 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_IKE1_PRF_DERIVE, { 112, 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||||
|
/* ------------------ PBE Key Derivations ------------------- */
|
||||||
|
{ CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
|
||||||
|
{ CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 512, 512, CKF_GEN }, 1, SFTKFIPSNone }
|
||||||
|
};
|
||||||
|
const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);
|
32
SOURCES/nss-disable-dc.patch
Normal file
32
SOURCES/nss-disable-dc.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
diff -up ./gtests/ssl_gtest/manifest.mn.orig ./gtests/ssl_gtest/manifest.mn
|
||||||
|
--- ./gtests/ssl_gtest/manifest.mn.orig 2021-06-02 15:40:48.677355426 -0700
|
||||||
|
+++ ./gtests/ssl_gtest/manifest.mn 2021-06-02 15:42:31.248977261 -0700
|
||||||
|
@@ -57,7 +57,6 @@ CPPSRCS = \
|
||||||
|
tls_filter.cc \
|
||||||
|
tls_protect.cc \
|
||||||
|
tls_psk_unittest.cc \
|
||||||
|
- tls_subcerts_unittest.cc \
|
||||||
|
tls_ech_unittest.cc \
|
||||||
|
$(SSLKEYLOGFILE_FILES) \
|
||||||
|
$(NULL)
|
||||||
|
diff -up ./lib/ssl/sslsock.c.orig ./lib/ssl/sslsock.c
|
||||||
|
--- ./lib/ssl/sslsock.c.orig 2021-05-28 02:50:43.000000000 -0700
|
||||||
|
+++ ./lib/ssl/sslsock.c 2021-06-02 15:40:48.676355420 -0700
|
||||||
|
@@ -819,7 +819,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_ENABLE_DELEGATED_CREDENTIALS:
|
||||||
|
- ss->opt.enableDelegatedCredentials = val;
|
||||||
|
+ /* disable it for now */
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_ENABLE_NPN:
|
||||||
|
@@ -1337,7 +1337,7 @@ SSL_OptionSetDefault(PRInt32 which, PRIn
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_ENABLE_DELEGATED_CREDENTIALS:
|
||||||
|
- ssl_defaults.enableDelegatedCredentials = val;
|
||||||
|
+ /* disable it for now */
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_ENABLE_NPN:
|
@ -1,6 +1,6 @@
|
|||||||
%global nss_version 3.79.0
|
%global nss_version 3.79.0
|
||||||
%global nspr_version 4.34.0
|
%global nspr_version 4.34.0
|
||||||
%global baserelease 13
|
%global baserelease 14
|
||||||
%global nss_release %baserelease
|
%global nss_release %baserelease
|
||||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||||
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
||||||
@ -126,6 +126,9 @@ Source22: pkcs11.txt.xml
|
|||||||
Source24: cert9.db.xml
|
Source24: cert9.db.xml
|
||||||
Source26: key4.db.xml
|
Source26: key4.db.xml
|
||||||
Source28: nss-p11-kit.config
|
Source28: nss-p11-kit.config
|
||||||
|
# fips algorithms are tied to the red hat validation, others
|
||||||
|
# will have their own validation
|
||||||
|
Source30: fips_algorithms.h
|
||||||
|
|
||||||
Source100: nspr-%{nspr_archive_version}.tar.gz
|
Source100: nspr-%{nspr_archive_version}.tar.gz
|
||||||
Source101: nspr-config.xml
|
Source101: nspr-config.xml
|
||||||
@ -156,6 +159,8 @@ Patch33: nss-no-dbm-man-page.patch
|
|||||||
Patch34: nss-3.71-fix-lto-gtests.patch
|
Patch34: nss-3.71-fix-lto-gtests.patch
|
||||||
# camellia pkcs12 docs.
|
# camellia pkcs12 docs.
|
||||||
Patch35: nss-3.71-camellia-pkcs12-doc.patch
|
Patch35: nss-3.71-camellia-pkcs12-doc.patch
|
||||||
|
# disable delegated credentials
|
||||||
|
Patch36: nss-disable-dc.patch
|
||||||
|
|
||||||
# patches that expect to be upstreamed
|
# patches that expect to be upstreamed
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1774659
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=1774659
|
||||||
@ -347,11 +352,17 @@ pushd nspr
|
|||||||
%patch120 -p1 -b .server-passive
|
%patch120 -p1 -b .server-passive
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
|
||||||
pushd nss
|
pushd nss
|
||||||
%autopatch -p1 -M 99
|
%autopatch -p1 -M 99
|
||||||
%patch300 -R -p1
|
%patch300 -R -p1
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
# copy the fips_algorithms.h for this release
|
||||||
|
# this file is release specific and matches what
|
||||||
|
# each vendors claim in their own FIPS certification
|
||||||
|
cp %{SOURCE30} nss/lib/softoken/
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
||||||
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
||||||
|
|
||||||
@ -1154,6 +1165,10 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-14
|
||||||
|
- Update fips_algorithms.h to match the final FIPS requirements
|
||||||
|
- Disable delegated credentials
|
||||||
|
|
||||||
* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-13
|
* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-13
|
||||||
- remove OAEP from the FIPS indicators
|
- remove OAEP from the FIPS indicators
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user