Robert Relyea
parent
65ad00a57f
commit
8324a0ed92
43
nss-3.101-fix-pkcs12-md5-decode.patch
Normal file
43
nss-3.101-fix-pkcs12-md5-decode.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
diff --git a/lib/util/nsshash.c b/lib/util/nsshash.c
|
||||||
|
--- a/lib/util/nsshash.c
|
||||||
|
+++ b/lib/util/nsshash.c
|
||||||
|
@@ -102,16 +102,19 @@ HASH_GetHashOidTagByHashType(HASH_HashTy
|
||||||
|
SECOidTag
|
||||||
|
HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid)
|
||||||
|
{
|
||||||
|
SECOidTag hashOid = SEC_OID_UNKNOWN;
|
||||||
|
|
||||||
|
switch (hmacOid) {
|
||||||
|
/* no oid exists for HMAC_MD2 */
|
||||||
|
/* NSS does not define a oid for HMAC_MD4 */
|
||||||
|
+ case SEC_OID_HMAC_MD5:
|
||||||
|
+ hashOid = SEC_OID_MD5;
|
||||||
|
+ break;
|
||||||
|
case SEC_OID_HMAC_SHA1:
|
||||||
|
hashOid = SEC_OID_SHA1;
|
||||||
|
break;
|
||||||
|
case SEC_OID_HMAC_SHA224:
|
||||||
|
hashOid = SEC_OID_SHA224;
|
||||||
|
break;
|
||||||
|
case SEC_OID_HMAC_SHA256:
|
||||||
|
hashOid = SEC_OID_SHA256;
|
||||||
|
@@ -145,16 +148,19 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
|
||||||
|
SECOidTag
|
||||||
|
HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid)
|
||||||
|
{
|
||||||
|
SECOidTag hmacOid = SEC_OID_UNKNOWN;
|
||||||
|
|
||||||
|
switch (hashOid) {
|
||||||
|
/* no oid exists for HMAC_MD2 */
|
||||||
|
/* NSS does not define a oid for HMAC_MD4 */
|
||||||
|
+ case SEC_OID_MD5:
|
||||||
|
+ hmacOid = SEC_OID_HMAC_MD5;
|
||||||
|
+ break;
|
||||||
|
case SEC_OID_SHA1:
|
||||||
|
hmacOid = SEC_OID_HMAC_SHA1;
|
||||||
|
break;
|
||||||
|
case SEC_OID_SHA224:
|
||||||
|
hmacOid = SEC_OID_HMAC_SHA224;
|
||||||
|
break;
|
||||||
|
case SEC_OID_SHA256:
|
||||||
|
hmacOid = SEC_OID_HMAC_SHA256;
|
||||||
@ -8,7 +8,7 @@ diff -up ./tests/ssl/ssl.sh.disable_ocsp_policy ./tests/ssl/ssl.sh
|
|||||||
+ # if we are running on a build machine that can't tolerate external
|
+ # if we are running on a build machine that can't tolerate external
|
||||||
+ # references don't run.
|
+ # references don't run.
|
||||||
+ vfyserv -o wrong.host.badssl.com -d ${P_R_SERVERDIR} > ${P_R_SERVERDIR}/vfy2.out 2>&1
|
+ vfyserv -o wrong.host.badssl.com -d ${P_R_SERVERDIR} > ${P_R_SERVERDIR}/vfy2.out 2>&1
|
||||||
+ RET=$? ; cat ${P_R_SERVERDIR}/vfy2.out"
|
+ RET=$? ; cat "${P_R_SERVERDIR}/vfy2.out"
|
||||||
+ # 5961 reset by peer
|
+ # 5961 reset by peer
|
||||||
+ grep 5961 ${P_R_SERVERDIR}/vfy2.out
|
+ grep 5961 ${P_R_SERVERDIR}/vfy2.out
|
||||||
+ GRET=$? ; echo "OCSP: RET=$RET GRET=$GRET"
|
+ GRET=$? ; echo "OCSP: RET=$RET GRET=$GRET"
|
||||||
|
|||||||
4
nss.spec
4
nss.spec
@ -182,6 +182,7 @@ Patch74: nss-3.90-dh-test-update.patch
|
|||||||
Patch75: nss-3.90-ppc_no_init.patch
|
Patch75: nss-3.90-ppc_no_init.patch
|
||||||
Patch76: nss-3.101-enable-kyber-policy.patch
|
Patch76: nss-3.101-enable-kyber-policy.patch
|
||||||
Patch77: nss-3.101-fix-rsa-policy-test.patch
|
Patch77: nss-3.101-fix-rsa-policy-test.patch
|
||||||
|
Patch78: nss-3.101-fix-pkcs12-md5-decode.patch
|
||||||
|
|
||||||
# RHEL-10 specific
|
# RHEL-10 specific
|
||||||
Patch90: nss-3.101-disable_dsa.patch
|
Patch90: nss-3.101-disable_dsa.patch
|
||||||
@ -1168,6 +1169,9 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 18 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-4
|
||||||
|
- Fix MD-5 decode issue in pkcs #12
|
||||||
|
|
||||||
* Mon Jul 15 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
|
* Mon Jul 15 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
|
||||||
- Add FIPS 140-3 defines to sec file
|
- Add FIPS 140-3 defines to sec file
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user