diff --git a/.gitignore b/.gitignore index 89bd7d5..ff74e46 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,5 @@ TestUser51.cert /nss-3.71.tar.gz /nss-3.79.tar.gz /nspr-4.34.tar.gz +/nspr-4.35.tar.gz +/nss-3.90.tar.gz diff --git a/cve-2023-0767.patch b/cve-2023-0767.patch deleted file mode 100644 index fc5d4fa..0000000 --- a/cve-2023-0767.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff --git a/lib/pkcs12/p12d.c b/lib/pkcs12/p12d.c ---- a/lib/pkcs12/p12d.c -+++ b/lib/pkcs12/p12d.c -@@ -335,35 +335,42 @@ - sec_PKCS12SafeContentsContext *safeContentsCtx = - (sec_PKCS12SafeContentsContext *)arg; - SEC_PKCS12DecoderContext *p12dcx; - SECStatus rv; - -- /* make sure that we are not skipping the current safeBag, -- * and that there are no errors. If so, just return rather -- * than continuing to process. -- */ -- if (!safeContentsCtx || !safeContentsCtx->p12dcx || -- safeContentsCtx->p12dcx->error || safeContentsCtx->skipCurrentSafeBag) { -+ if (!safeContentsCtx || !safeContentsCtx->p12dcx || !safeContentsCtx->currentSafeBagA1Dcx) { - return; - } - p12dcx = safeContentsCtx->p12dcx; - -+ /* make sure that there are no errors and we are not skipping the current safeBag */ -+ if (p12dcx->error || safeContentsCtx->skipCurrentSafeBag) { -+ goto loser; -+ } -+ - rv = SEC_ASN1DecoderUpdate(safeContentsCtx->currentSafeBagA1Dcx, data, len); - if (rv != SECSuccess) { - p12dcx->errorValue = PORT_GetError(); -+ p12dcx->error = PR_TRUE; -+ goto loser; -+ } -+ -+ /* The update may have set safeContentsCtx->skipCurrentSafeBag, and we -+ * may not get another opportunity to clean up the decoder context. -+ */ -+ if (safeContentsCtx->skipCurrentSafeBag) { - goto loser; - } - - return; - - loser: -- /* set the error, and finish the decoder context. because there -+ /* Finish the decoder context. Because there - * is not a way of returning an error message, it may be worth - * while to do a check higher up and finish any decoding contexts - * that are still open. - */ -- p12dcx->error = PR_TRUE; - SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagA1Dcx); - safeContentsCtx->currentSafeBagA1Dcx = NULL; - return; - } - -diff --git a/lib/pkcs12/p12t.h b/lib/pkcs12/p12t.h ---- a/lib/pkcs12/p12t.h -+++ b/lib/pkcs12/p12t.h -@@ -71,10 +71,11 @@ - SECKEYEncryptedPrivateKeyInfo *pkcs8ShroudedKeyBag; - sec_PKCS12CertBag *certBag; - sec_PKCS12CRLBag *crlBag; - sec_PKCS12SecretBag *secretBag; - sec_PKCS12SafeContents *safeContents; -+ SECItem *unknownBag; - } safeBagContent; - - sec_PKCS12Attribute **attribs; - - /* used locally */ -diff --git a/lib/pkcs12/p12tmpl.c b/lib/pkcs12/p12tmpl.c ---- a/lib/pkcs12/p12tmpl.c -+++ b/lib/pkcs12/p12tmpl.c -@@ -28,16 +28,16 @@ - - safeBag = (sec_PKCS12SafeBag *)src_or_dest; - - oiddata = SECOID_FindOID(&safeBag->safeBagType); - if (oiddata == NULL) { -- return SEC_ASN1_GET(SEC_AnyTemplate); -+ return SEC_ASN1_GET(SEC_PointerToAnyTemplate); - } - - switch (oiddata->offset) { - default: -- theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); -+ theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); - break; - case SEC_OID_PKCS12_V1_KEY_BAG_ID: - theTemplate = SEC_ASN1_GET(SECKEY_PointerToPrivateKeyInfoTemplate); - break; - case SEC_OID_PKCS12_V1_CERT_BAG_ID: - diff --git a/nspr-gcc-atomics.patch b/nspr-gcc-atomics.patch index b94e840..20eaefa 100644 --- a/nspr-gcc-atomics.patch +++ b/nspr-gcc-atomics.patch @@ -1,12 +1,7 @@ -diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h ---- a/pr/include/md/_linux.h -+++ b/pr/include/md/_linux.h -@@ -82,53 +82,73 @@ - #define NO_DLOPEN_NULL - #endif - - #if defined(__FreeBSD_kernel__) || defined(__GNU__) - #define _PR_HAVE_SOCKADDR_LEN +diff -up ./pr/include/md/_linux.h.gcc-atomics ./pr/include/md/_linux.h +--- ./pr/include/md/_linux.h.gcc-atomics 2022-09-20 11:23:22.008942926 -0700 ++++ ./pr/include/md/_linux.h 2022-09-20 11:34:45.536751340 -0700 +@@ -105,6 +105,15 @@ #endif #if defined(__i386__) @@ -22,11 +17,7 @@ diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h #define _PR_HAVE_ATOMIC_OPS #define _MD_INIT_ATOMIC() extern PRInt32 _PR_x86_AtomicIncrement(PRInt32 *val); - #define _MD_ATOMIC_INCREMENT _PR_x86_AtomicIncrement - extern PRInt32 _PR_x86_AtomicDecrement(PRInt32 *val); - #define _MD_ATOMIC_DECREMENT _PR_x86_AtomicDecrement - extern PRInt32 _PR_x86_AtomicAdd(PRInt32 *ptr, PRInt32 val); - #define _MD_ATOMIC_ADD _PR_x86_AtomicAdd +@@ -116,6 +125,7 @@ extern PRInt32 _PR_x86_AtomicAdd(PRInt32 extern PRInt32 _PR_x86_AtomicSet(PRInt32 *val, PRInt32 newval); #define _MD_ATOMIC_SET _PR_x86_AtomicSet #endif @@ -34,15 +25,7 @@ diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h #if defined(__ia64__) #define _PR_HAVE_ATOMIC_OPS - #define _MD_INIT_ATOMIC() - extern PRInt32 _PR_ia64_AtomicIncrement(PRInt32 *val); - #define _MD_ATOMIC_INCREMENT _PR_ia64_AtomicIncrement - extern PRInt32 _PR_ia64_AtomicDecrement(PRInt32 *val); - #define _MD_ATOMIC_DECREMENT _PR_ia64_AtomicDecrement - extern PRInt32 _PR_ia64_AtomicAdd(PRInt32 *ptr, PRInt32 val); - #define _MD_ATOMIC_ADD _PR_ia64_AtomicAdd - extern PRInt32 _PR_ia64_AtomicSet(PRInt32 *val, PRInt32 newval); - #define _MD_ATOMIC_SET _PR_ia64_AtomicSet +@@ -131,6 +141,15 @@ extern PRInt32 _PR_ia64_AtomicSet(PRInt3 #endif #if defined(__x86_64__) @@ -58,20 +41,11 @@ diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h #define _PR_HAVE_ATOMIC_OPS #define _MD_INIT_ATOMIC() extern PRInt32 _PR_x86_64_AtomicIncrement(PRInt32 *val); - #define _MD_ATOMIC_INCREMENT _PR_x86_64_AtomicIncrement - extern PRInt32 _PR_x86_64_AtomicDecrement(PRInt32 *val); - #define _MD_ATOMIC_DECREMENT _PR_x86_64_AtomicDecrement - extern PRInt32 _PR_x86_64_AtomicAdd(PRInt32 *ptr, PRInt32 val); - #define _MD_ATOMIC_ADD _PR_x86_64_AtomicAdd +@@ -142,6 +161,7 @@ extern PRInt32 _PR_x86_64_AtomicAdd(PRIn extern PRInt32 _PR_x86_64_AtomicSet(PRInt32 *val, PRInt32 newval); #define _MD_ATOMIC_SET _PR_x86_64_AtomicSet #endif +#endif - #if defined(__or1k__) + #if defined(__loongarch__) #if defined(__GNUC__) - /* Use GCC built-in functions */ - #define _PR_HAVE_ATOMIC_OPS - #define _MD_INIT_ATOMIC() - #define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) - #define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) diff --git a/nss-3.44-kbkdf-coverity.patch b/nss-3.44-kbkdf-coverity.patch deleted file mode 100644 index 1ef1d8d..0000000 --- a/nss-3.44-kbkdf-coverity.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up ./lib/softoken/kbkdf.c.coverity ./lib/softoken/kbkdf.c ---- ./lib/softoken/kbkdf.c.coverity 2019-12-03 15:33:43.047732312 -0800 -+++ ./lib/softoken/kbkdf.c 2019-12-03 15:39:40.982578357 -0800 -@@ -534,6 +534,10 @@ CK_RV kbkdf_CreateKey(CK_SESSION_HANDLE - PR_ASSERT(derived_key != NULL); - PR_ASSERT(derived_key->phKey != NULL); - -+ if (slot == NULL) { -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ - /* Create the new key object for this additional derived key. */ - key = sftk_NewObject(slot); - if (key == NULL) { -@@ -589,7 +593,9 @@ done: - sftk_FreeObject(key); - - /* Doesn't do anything. */ -- sftk_FreeSession(session); -+ if (session) { -+ sftk_FreeSession(session); -+ } - - return ret; - } -diff -up ./lib/softoken/sftkhmac.c.coverity ./lib/softoken/sftkhmac.c ---- ./lib/softoken/sftkhmac.c.coverity 2019-12-03 15:40:06.108848341 -0800 -+++ ./lib/softoken/sftkhmac.c 2019-12-03 15:41:04.919480267 -0800 -@@ -232,7 +232,9 @@ sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHA - keyval->attrib.ulValueLen, isFIPS); - - done: -- sftk_FreeAttribute(keyval); -+ if (keyval) { -+ sftk_FreeAttribute(keyval); -+ } - return ret; - } - diff --git a/nss-3.53.1-measure-fix.patch b/nss-3.53.1-measure-fix.patch deleted file mode 100644 index a312936..0000000 --- a/nss-3.53.1-measure-fix.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up ./coreconf/config.gypi.orig ./coreconf/config.gypi ---- ./coreconf/config.gypi.orig 2020-06-16 15:50:59.000000000 -0700 -+++ ./coreconf/config.gypi 2020-10-15 16:05:37.542761192 -0700 -@@ -363,7 +363,7 @@ - '_DEFAULT_SOURCE', # for functions, strdup, realpath, and getentropy - '_BSD_SOURCE', # for the above in glibc <= 2.19 - '_POSIX_SOURCE', # for -- 'SQL_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls -+ 'SDB_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls - ], - }], - [ 'OS=="dragonfly" or OS=="freebsd"', { -diff -up ./coreconf/Linux.mk.orig ./coreconf/Linux.mk ---- ./coreconf/Linux.mk.orig 2020-10-15 16:05:04.794591674 -0700 -+++ ./coreconf/Linux.mk 2020-10-15 16:05:37.543761197 -0700 -@@ -21,7 +21,7 @@ ifeq ($(USE_PTHREADS),1) - endif - - DEFAULT_COMPILER = gcc --DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSQL_MEASURE_USE_TEMP_DIR -+DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSDB_MEASURE_USE_TEMP_DIR - - ifeq ($(OS_TARGET),Android) - ifndef ANDROID_NDK diff --git a/nss-3.53.1-revert_rhel8_unsafe_policy_change.patch b/nss-3.53.1-revert_rhel8_unsafe_policy_change.patch deleted file mode 100644 index 9e39df7..0000000 --- a/nss-3.53.1-revert_rhel8_unsafe_policy_change.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up ./lib/pk11wrap/pk11pars.c.policy_revert ./lib/pk11wrap/pk11pars.c ---- ./lib/pk11wrap/pk11pars.c.policy_revert 2020-11-04 10:26:59.085300799 -0800 -+++ ./lib/pk11wrap/pk11pars.c 2020-11-04 10:29:52.774239468 -0800 -@@ -391,12 +391,6 @@ static const oidValDef signOptList[] = { - /* Signatures */ - { CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE, - NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, -- { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION, -- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, -- { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE, -- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, -- { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY, -- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, - }; - - typedef struct { -@@ -412,7 +406,7 @@ static const algListsDef algOptLists[] = - { macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE }, - { cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE }, - { kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE }, -- { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE }, -+ { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE }, - }; - - static const optionFreeDef sslOptList[] = { -diff -up ./tests/ssl/sslpolicy.txt.policy_revert ./tests/ssl/sslpolicy.txt ---- ./tests/ssl/sslpolicy.txt.policy_revert 2020-11-04 10:31:20.837715397 -0800 -+++ ./tests/ssl/sslpolicy.txt 2020-11-04 10:33:19.598357223 -0800 -@@ -193,7 +193,9 @@ - 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly - 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly -- 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly -+# rsa-pkcs, rsa-pss, and ecdsa policy checking reverted in rhel8 for binary -+# compatibility reasons -+# 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly - # test default settings - # NOTE: tstclient will attempt to overide the defaults, so we detect we - # were successful by locking in our settings diff --git a/nss-3.66-fix-gtest-parsing.patch b/nss-3.66-fix-gtest-parsing.patch deleted file mode 100644 index 7e5ff4b..0000000 --- a/nss-3.66-fix-gtest-parsing.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up ./tests/common/parsegtestreport.sed.new_gtest ./tests/common/parsegtestreport.sed ---- ./tests/common/parsegtestreport.sed.new_gtest 2021-06-17 16:26:49.361035662 -0700 -+++ ./tests/common/parsegtestreport.sed 2021-06-17 16:49:08.512261136 -0700 -@@ -1,8 +1,11 @@ - /\len) { - case 1536 / PR_BITS_PER_BYTE: -+ /* don't accept 1536 bit primes in FIPS mode */ -+ if (isFIPS) { -+ break; -+ } - if (PORT_Memcmp(dhPrime->data, prime_ike_1536, - sizeof(prime_ike_1536)) == 0) { - return &subprime_ike_1536; diff --git a/nss-3.67-cve-2021-43527-test.patch b/nss-3.67-cve-2021-43527-test.patch deleted file mode 100644 index 51cb8e0..0000000 --- a/nss-3.67-cve-2021-43527-test.patch +++ /dev/null @@ -1,325 +0,0 @@ -diff --git a/tests/cert/Leaf-bogus-dsa.crt b/tests/cert/Leaf-bogus-dsa.crt -new file mode 100644 ---- /dev/null -+++ b/tests/cert/Leaf-bogus-dsa.crt -@@ -0,0 +1,143 @@ -+-----BEGIN CERTIFICATE----- -+MIIaZzCCCkWgAwIBAgIBATALBgcqhkjOOAQDBQAwMTEvMC0GA1UEAxMmZGVjb2Rl -+RUNvckRTQVNpZ25hdHVyZS10ZXN0Q2FzZS90YXZpc28wHhcNMjEwMTAxMDAwMDAw -+WhcNNDEwMTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZkZWNvZGVFQ29yRFNBU2lnbmF0 -+dXJlLXRlc3RDYXNlL3RhdmlzbzCCCaYwggkaBgcqhkjOOAQBMIIJDQKBgQCqqqqq -+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq -+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq -+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgKCCAEAu7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7 -+u7u7u7u7u7u7u7u7u7u7u7sCgYEAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM -+zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM -+zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM -+zMzMzMwDgYUAAoGB3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d -+3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d -+3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3dMAkG -+ByqGSM44BAMDghAPADCCEAoCgggBAO7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u -+7u7u7u7uAoIIAQD///////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+//////////////////////////////////////////////////////////////// -+/////////////////////////////////////////////////////////w== -+-----END CERTIFICATE----- -diff --git a/tests/cert/Leaf-bogus-rsa-pss.crt b/tests/cert/Leaf-bogus-rsa-pss.crt -new file mode 100644 ---- /dev/null -+++ b/tests/cert/Leaf-bogus-rsa-pss.crt -@@ -0,0 +1,126 @@ -+-----BEGIN CERTIFICATE----- -+MIIXODCCC/WgAwIBAgIBAjApBgkqhkiG9w0BAQowHKACMAChETAPBQAwCwYJYIZI -+AWUDBAIBogMCASAwNzEgMB4GCSqGSIb3DQEJARYRdGF2aXNvQGdvb2dsZS5jb20x -+EzARBgNVBAMTCmJ1ZzE3Mzc0NzAwHhcNMjAwMTAxMDAwMDAwWhcNNDAwMTAxMDAw -+MDAwWjA3MSAwHgYJKoZIhvcNAQkBFhF0YXZpc29AZ29vZ2xlLmNvbTETMBEGA1UE -+AxMKYnVnMTczNzQ3MDCCCywwDQYJKoZIhvcNAQEBBQADggsZADCCCxQCggsLAMRE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE -+RERERERERERERERERERERERERERERERERERERERERERERERERERERQIDAQABMC4G -+CSqGSIb3DQEBCjAhoRowGAYJKoZIhvcNAQEIMAsGCSqGSIb3DQEBCqIDAgEgA4IL -+CwAAxVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV -+VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVU= -+-----END CERTIFICATE----- -diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh ---- a/tests/cert/cert.sh -+++ b/tests/cert/cert.sh -@@ -114,16 +114,28 @@ certu() - cert_log "ERROR: ${CU_ACTION} failed $RET" - else - html_passed "${CU_ACTION}" - fi - - return $RET - } - -+cert_test_vfy() -+{ -+ echo "$SCRIPTNAME: Verify large rsa pss signature --------------" -+ echo " vfychain -a Leaf-bogus-dsa.crt" -+ vfychain -a ${QADIR}/cert/Leaf-bogus-dsa.crt -+ html_msg $? 1 "Verify large dsa signature" -+ echo "$SCRIPTNAME: Verify large rsa pss signature --------------" -+ echo " vfychain -a Leaf-bogus-rsa-pss.crt" -+ vfychain -a ${QADIR}/cert/Leaf-bogus-rsa-pss.crt -+ html_msg $? 1 "Verify large rsa pss signature" -+} -+ - ################################ crlu ################################# - # local shell function to call crlutil, also: writes action and options to - # stdout, sets variable RET and writes results to the html file results - ######################################################################## - crlu() - { - echo "$SCRIPTNAME: ${CU_ACTION} --------------------------" - -@@ -2640,11 +2652,13 @@ if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then - else - echo "$SCRIPTNAME: Skipping CRL Tests" - fi - - if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then - cert_stresscerts - fi - -+cert_test_vfy -+ - cert_iopr_setup - - cert_cleanup diff --git a/nss-3.67-cve-2021-43527.patch b/nss-3.67-cve-2021-43527.patch deleted file mode 100644 index 8fc81d3..0000000 --- a/nss-3.67-cve-2021-43527.patch +++ /dev/null @@ -1,279 +0,0 @@ -diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c ---- a/lib/cryptohi/secvfy.c -+++ b/lib/cryptohi/secvfy.c -@@ -164,6 +164,37 @@ - PR_FALSE /*XXX: unsafeAllowMissingParameters*/); - } - -+static unsigned int -+checkedSignatureLen(const SECKEYPublicKey *pubk) -+{ -+ unsigned int sigLen = SECKEY_SignatureLen(pubk); -+ if (sigLen == 0) { -+ /* Error set by SECKEY_SignatureLen */ -+ return sigLen; -+ } -+ unsigned int maxSigLen; -+ switch (pubk->keyType) { -+ case rsaKey: -+ case rsaPssKey: -+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; -+ break; -+ case dsaKey: -+ maxSigLen = DSA_MAX_SIGNATURE_LEN; -+ break; -+ case ecKey: -+ maxSigLen = 2 * MAX_ECKEY_LEN; -+ break; -+ default: -+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -+ return 0; -+ } -+ if (sigLen > maxSigLen) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ return sigLen; -+} -+ - /* - * decode the ECDSA or DSA signature from it's DER wrapping. - * The unwrapped/raw signature is placed in the buffer pointed -@@ -174,38 +205,38 @@ - unsigned int len) - { - SECItem *dsasig = NULL; /* also used for ECDSA */ -- SECStatus rv = SECSuccess; - -- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && -- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { -- if (sig->len != len) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ -+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { -+ if (len > DSA_MAX_SIGNATURE_LEN) { -+ goto loser; - } -- -- PORT_Memcpy(dsig, sig->data, sig->len); -- return SECSuccess; -+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -+ if (len > MAX_ECKEY_LEN * 2) { -+ goto loser; -+ } -+ } else { -+ goto loser; - } - -- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -- if (len > MAX_ECKEY_LEN * 2) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -- } -+ /* Decode and pad to length */ -+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -+ if (dsasig == NULL) { -+ goto loser; - } -- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -- -- if ((dsasig == NULL) || (dsasig->len != len)) { -- rv = SECFailure; -- } else { -- PORT_Memcpy(dsig, dsasig->data, dsasig->len); -+ if (dsasig->len != len) { -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ goto loser; - } - -- if (dsasig != NULL) -- SECITEM_FreeItem(dsasig, PR_TRUE); -- if (rv == SECFailure) -- PORT_SetError(SEC_ERROR_BAD_DER); -- return rv; -+ PORT_Memcpy(dsig, dsasig->data, len); -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ -+ return SECSuccess; -+ -+loser: -+ PORT_SetError(SEC_ERROR_BAD_DER); -+ return SECFailure; - } - - const SEC_ASN1Template hashParameterTemplate[] = -@@ -281,7 +312,7 @@ - sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, - const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) - { -- int len; -+ unsigned int len; - PLArenaPool *arena; - SECStatus rv; - SECItem oid; -@@ -466,48 +497,52 @@ - cx->pkcs1RSADigestInfo = NULL; - rv = SECSuccess; - if (sig) { -- switch (type) { -- case rsaKey: -- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -- &cx->pkcs1RSADigestInfo, -- &cx->pkcs1RSADigestInfoLen, -- cx->key, -- sig, wincx); -- break; -- case rsaPssKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -+ rv = SECFailure; -+ if (type == rsaKey) { -+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -+ &cx->pkcs1RSADigestInfo, -+ &cx->pkcs1RSADigestInfoLen, -+ cx->key, -+ sig, wincx); -+ } else { -+ sigLen = checkedSignatureLen(key); -+ /* Check signature length is within limits */ -+ if (sigLen == 0) { -+ /* error set by checkedSignatureLen */ -+ rv = SECFailure; -+ goto loser; -+ } -+ if (sigLen > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ switch (type) { -+ case rsaPssKey: -+ if (sig->len != sigLen) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -+ rv = SECSuccess; - break; -- } -- if (sig->len != sigLen) { -- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ case ecKey: -+ case dsaKey: -+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ -+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -+ break; -+ default: -+ /* Unreachable */ - rv = SECFailure; -- break; -- } -- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -- break; -- case dsaKey: -- case ecKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -- break; -- } -- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -- break; -- default: -- rv = SECFailure; -- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -- break; -+ goto loser; -+ } -+ } -+ if (rv != SECSuccess) { -+ goto loser; - } - } - -- if (rv) -- goto loser; -- - /* check hash alg again, RSA may have changed it.*/ - if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { - /* error set by HASH_GetHashTypeByOidTag */ -@@ -650,11 +685,16 @@ - switch (cx->key->keyType) { - case ecKey: - case dsaKey: -- dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { - return SECFailure; - } -+ if (dsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ return SECFailure; -+ } -+ dsasig.data = cx->u.buffer; -+ - if (sig) { - rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, - dsasig.len); -@@ -686,8 +726,13 @@ - } - - rsasig.data = cx->u.buffer; -- rsasig.len = SECKEY_SignatureLen(cx->key); -+ rsasig.len = checkedSignatureLen(cx->key); - if (rsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ return SECFailure; -+ } -+ if (rsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - if (sig) { -@@ -749,7 +794,6 @@ - SECStatus rv; - VFYContext *cx; - SECItem dsasig; /* also used for ECDSA */ -- - rv = SECFailure; - - cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); -@@ -757,19 +801,25 @@ - switch (key->keyType) { - case rsaKey: - rv = verifyPKCS1DigestInfo(cx, digest); -+ /* Error (if any) set by verifyPKCS1DigestInfo */ - break; -- case dsaKey: - case ecKey: -+ case dsaKey: - dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ rv = SECFailure; - break; - } -- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != -- SECSuccess) { -+ if (dsasig.len > sizeof(cx->u)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -- } else { -- rv = SECSuccess; -+ rv = SECFailure; -+ break; -+ } -+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); -+ if (rv != SECSuccess) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - } - break; - default: - diff --git a/nss-3.67-fix-coverity-issues.patch b/nss-3.67-fix-coverity-issues.patch deleted file mode 100644 index a68fa57..0000000 --- a/nss-3.67-fix-coverity-issues.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up ./lib/pk11wrap/pk11cxt.c.coverity ./lib/pk11wrap/pk11cxt.c ---- ./lib/pk11wrap/pk11cxt.c.coverity 2021-06-18 09:36:19.499203028 -0700 -+++ ./lib/pk11wrap/pk11cxt.c 2021-06-18 09:37:57.993765299 -0700 -@@ -382,7 +382,7 @@ pk11_CreateNewContextInSlot(CK_MECHANISM - * of the connection.*/ - context->fortezzaHack = PR_FALSE; - if (type == CKM_SKIPJACK_CBC64) { -- if (symKey->origin == PK11_OriginFortezzaHack) { -+ if (symKey && (symKey->origin == PK11_OriginFortezzaHack)) { - context->fortezzaHack = PR_TRUE; - } - } -diff -up ./lib/pk11wrap/pk11hpke.c.coverity ./lib/pk11wrap/pk11hpke.c ---- ./lib/pk11wrap/pk11hpke.c.coverity 2021-06-18 13:40:05.410644464 -0700 -+++ ./lib/pk11wrap/pk11hpke.c 2021-06-18 13:42:40.627606469 -0700 -@@ -1164,8 +1164,6 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE - unsigned char tagBuf[HASH_LENGTH_MAX]; - size_t tagLen; - unsigned int fixedBits; -- PORT_Assert(cx->baseNonce->len == sizeof(ivOut)); -- PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len); - - /* aad may be NULL, PT may be zero-length but not NULL. */ - if (!cx || !cx->aeadContext || -@@ -1176,6 +1174,9 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE - return SECFailure; - } - -+ PORT_Assert(cx->baseNonce->len == sizeof(ivOut)); -+ PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len); -+ - tagLen = cx->aeadParams->tagLen; - maxOut = pt->len + tagLen; - fixedBits = (cx->baseNonce->len - 8) * 8; -diff -up ./lib/softoken/sftkike.c.coverity ./lib/softoken/sftkike.c ---- ./lib/softoken/sftkike.c.coverity 2021-06-18 09:33:59.633405513 -0700 -+++ ./lib/softoken/sftkike.c 2021-06-18 09:34:20.305523382 -0700 -@@ -1411,7 +1411,6 @@ sftk_fips_IKE_PowerUpSelfTests(void) - (outKeySize != sizeof(ike_known_sha256_prf_plus)) || - (PORT_Memcmp(outKeyData, ike_known_sha256_prf_plus, - sizeof(ike_known_sha256_prf_plus)) != 0)) { -- PORT_ZFree(outKeyData, outKeySize); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } diff --git a/nss-3.67-fix-private-key-mac.patch b/nss-3.67-fix-private-key-mac.patch deleted file mode 100644 index d211940..0000000 --- a/nss-3.67-fix-private-key-mac.patch +++ /dev/null @@ -1,81 +0,0 @@ -diff -up ./lib/softoken/sftkpwd.c.orig ./lib/softoken/sftkpwd.c ---- ./lib/softoken/sftkpwd.c.orig 2021-06-10 05:33:12.000000000 -0700 -+++ ./lib/softoken/sftkpwd.c 2021-07-01 14:04:34.068596942 -0700 -@@ -287,9 +287,12 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha - } - - /* If we are using aes 256, we need to check authentication as well.*/ -- if ((type != CKT_INVALID_TYPE) && (cipherValue.alg == SEC_OID_AES_256_CBC)) { -+ if ((type != CKT_INVALID_TYPE) && -+ (cipherValue.alg == SEC_OID_PKCS5_PBES2) && -+ (cipherValue.param->encAlg == SEC_OID_AES_256_CBC)) { - SECItem signature; - unsigned char signData[SDB_MAX_META_DATA_LEN]; -+ CK_RV crv; - - /* if we get here from the old legacy db, there is clearly an - * error, don't return the plaintext */ -@@ -301,15 +304,28 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha - - signature.data = signData; - signature.len = sizeof(signData); -- rv = sftkdb_GetAttributeSignature(handle, handle, id, type, -+ rv = SECFailure; -+ /* sign sftkdb_GetAttriibuteSignature returns a crv, not an rv */ -+ crv = sftkdb_GetAttributeSignature(handle, handle, id, type, - &signature); -- if (rv != SECSuccess) { -- goto loser; -+ if (crv == CKR_OK) { -+ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, -+ type, *plain, &signature); - } -- rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, type, -- *plain, &signature); - if (rv != SECSuccess) { -- goto loser; -+ /* handle a bug where old versions of NSS misfiled the signature -+ * attribute on password update */ -+ id |= SFTK_KEYDB_TYPE|SFTK_TOKEN_TYPE; -+ signature.len = sizeof(signData); -+ crv = sftkdb_GetAttributeSignature(handle, handle, id, type, -+ &signature); -+ if (crv != CKR_OK) { -+ rv = SECFailure; -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ goto loser; -+ } -+ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, -+ type, *plain, &signature); - } - } - -@@ -1198,6 +1214,7 @@ sftk_updateEncrypted(PLArenaPool *arena, - unsigned int i; - for (i = 0; i < privAttrCount; i++) { - // Read the old attribute in the clear. -+ CK_OBJECT_HANDLE sdbId = id & SFTK_OBJ_ID_MASK; - CK_ATTRIBUTE privAttr = { privAttrTypes[i], NULL, 0 }; - CK_RV crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1); - if (crv != CKR_OK) { -@@ -1222,7 +1239,7 @@ sftk_updateEncrypted(PLArenaPool *arena, - plainText.data = privAttr.pValue; - plainText.len = privAttr.ulValueLen; - if (sftkdb_EncryptAttribute(arena, keydb, keydb->db, newKey, -- iterationCount, id, privAttr.type, -+ iterationCount, sdbId, privAttr.type, - &plainText, &result) != SECSuccess) { - return CKR_GENERAL_ERROR; - } -@@ -1232,10 +1249,9 @@ sftk_updateEncrypted(PLArenaPool *arena, - PORT_Memset(plainText.data, 0, plainText.len); - - // Write the newly encrypted attributes out directly. -- CK_OBJECT_HANDLE newId = id & SFTK_OBJ_ID_MASK; - keydb->newKey = newKey; - keydb->newDefaultIterationCount = iterationCount; -- crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, newId, &privAttr, 1); -+ crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, sdbId, &privAttr, 1); - keydb->newKey = NULL; - if (crv != CKR_OK) { - return crv; diff --git a/nss-3.67-fix-ssl-alerts.patch b/nss-3.67-fix-ssl-alerts.patch deleted file mode 100644 index 10cdaf5..0000000 --- a/nss-3.67-fix-ssl-alerts.patch +++ /dev/null @@ -1,122 +0,0 @@ -diff -up ./lib/ssl/ssl3con.c.alert-fix ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.alert-fix 2021-06-10 05:33:12.000000000 -0700 -+++ ./lib/ssl/ssl3con.c 2021-07-06 17:08:25.894018521 -0700 -@@ -4319,7 +4319,11 @@ ssl_SignatureSchemeValid(SSLSignatureSch - if (!ssl_IsSupportedSignatureScheme(scheme)) { - return PR_FALSE; - } -- if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { -+ /* if we are purposefully passed SEC_OID_UNKOWN, it means -+ * we not checking the scheme against a potential key, so skip -+ * the call */ -+ if ((spkiOid != SEC_OID_UNKNOWN) && -+ !ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { - return PR_FALSE; - } - if (isTls13) { -@@ -4517,7 +4521,8 @@ ssl_CheckSignatureSchemeConsistency(sslS - } - - /* Verify that the signature scheme matches the signing key. */ -- if (!ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { -+ if ((spkiOid == SEC_OID_UNKNOWN) || -+ !ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { - PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); - return SECFailure; - } -@@ -4533,6 +4538,7 @@ ssl_CheckSignatureSchemeConsistency(sslS - PRBool - ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme) - { -+ PRBool isSupported = PR_FALSE; - switch (scheme) { - case ssl_sig_rsa_pkcs1_sha1: - case ssl_sig_rsa_pkcs1_sha256: -@@ -4552,7 +4558,8 @@ ssl_IsSupportedSignatureScheme(SSLSignat - case ssl_sig_dsa_sha384: - case ssl_sig_dsa_sha512: - case ssl_sig_ecdsa_sha1: -- return PR_TRUE; -+ isSupported = PR_TRUE; -+ break; - - case ssl_sig_rsa_pkcs1_sha1md5: - case ssl_sig_none: -@@ -4560,7 +4567,19 @@ ssl_IsSupportedSignatureScheme(SSLSignat - case ssl_sig_ed448: - return PR_FALSE; - } -- return PR_FALSE; -+ if (isSupported) { -+ SECOidTag hashOID = ssl3_HashTypeToOID(ssl_SignatureSchemeToHashType(scheme)); -+ PRUint32 policy; -+ const PRUint32 sigSchemePolicy= -+ NSS_USE_ALG_IN_SSL_KX|NSS_USE_ALG_IN_SIGNATURE; -+ /* check hash policy */ -+ if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) && -+ ((policy & sigSchemePolicy) != sigSchemePolicy)) { -+ return PR_FALSE; -+ } -+ /* check algorithm policy */ -+ } -+ return isSupported; - } - - PRBool -@@ -6533,6 +6552,9 @@ ssl_PickSignatureScheme(sslSocket *ss, - } - - spkiOid = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm); -+ if (spkiOid == SEC_OID_UNKNOWN) { -+ goto loser; -+ } - - /* Now we have to search based on the key type. Go through our preferred - * schemes in order and find the first that can be used. */ -@@ -6547,6 +6569,7 @@ ssl_PickSignatureScheme(sslSocket *ss, - } - } - -+loser: - PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); - return SECFailure; - } -@@ -7700,7 +7723,8 @@ ssl_ParseSignatureSchemes(const sslSocke - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } -- if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { -+ if (ssl_SignatureSchemeValid((SSLSignatureScheme)tmp, SEC_OID_UNKNOWN, -+ (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) {; - schemes[numSupported++] = (SSLSignatureScheme)tmp; - } - } -@@ -10286,7 +10310,12 @@ ssl3_HandleCertificateVerify(sslSocket * - PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record); - rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); - if (rv != SECSuccess) { -- goto loser; /* malformed or unsupported. */ -+ errCode = PORT_GetError(); -+ /* unsupported == illegal_parameter, others == handshake_failure. */ -+ if (errCode == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) { -+ desc = illegal_parameter; -+ } -+ goto alert_loser; - } - rv = ssl_CheckSignatureSchemeConsistency( - ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); -diff -up ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix ./gtests/ssl_gtest/ssl_extension_unittest.cc ---- ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix 2021-07-07 11:32:11.634376932 -0700 -+++ ./gtests/ssl_gtest/ssl_extension_unittest.cc 2021-07-07 11:33:30.595841110 -0700 -@@ -428,7 +428,10 @@ TEST_P(TlsExtensionTest12Plus, Signature - } - - TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) { -- const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00}; // sha-256, rsa -+ // make sure the test uses an algorithm that is legal for -+ // tls 1.3 (or tls 1.3 will through and illegalParameter -+ // instead of a decode error) -+ const uint8_t val[] = {0x00, 0x02, 0x08, 0x09, 0x00}; // sha-256, rsa-pss-pss - DataBuffer extension(val, sizeof(val)); - ClientHelloErrorTest(std::make_shared( - client_, ssl_signature_algorithms_xtn, extension)); diff --git a/nss-3.71-fips-module-name.patch b/nss-3.71-fips-module-name.patch deleted file mode 100644 index a1ec103..0000000 --- a/nss-3.71-fips-module-name.patch +++ /dev/null @@ -1,825 +0,0 @@ -diff --git a/cmd/manifest.mn b/cmd/manifest.mn ---- a/cmd/manifest.mn -+++ b/cmd/manifest.mn -@@ -76,6 +76,7 @@ - symkeyutil \ - tests \ - tstclnt \ -+ validation \ - vfychain \ - vfyserv \ - modutil \ -diff --git a/cmd/validation/Makefile b/cmd/validation/Makefile -new file mode 100644 ---- /dev/null -+++ b/cmd/validation/Makefile -@@ -0,0 +1,48 @@ -+#! gmake -+# -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+####################################################################### -+# (1) Include initial platform-independent assignments (MANDATORY). # -+####################################################################### -+ -+include manifest.mn -+ -+####################################################################### -+# (2) Include "global" configuration information. (OPTIONAL) # -+####################################################################### -+ -+include $(CORE_DEPTH)/coreconf/config.mk -+ -+####################################################################### -+# (3) Include "component" configuration information. (OPTIONAL) # -+####################################################################### -+ -+####################################################################### -+# (4) Include "local" platform-dependent assignments (OPTIONAL). # -+####################################################################### -+ -+include ../platlibs.mk -+ -+ -+####################################################################### -+# (5) Execute "global" rules. (OPTIONAL) # -+####################################################################### -+ -+include $(CORE_DEPTH)/coreconf/rules.mk -+ -+####################################################################### -+# (6) Execute "component" rules. (OPTIONAL) # -+####################################################################### -+ -+ -+ -+####################################################################### -+# (7) Execute "local" rules. (OPTIONAL). # -+####################################################################### -+ -+ -+include ../platrules.mk -+ -diff --git a/cmd/validation/manifest.mn b/cmd/validation/manifest.mn -new file mode 100644 ---- /dev/null -+++ b/cmd/validation/manifest.mn -@@ -0,0 +1,23 @@ -+# -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+CORE_DEPTH = ../.. -+ -+DEFINES += -DNSPR20 -+ -+# MODULE public and private header directories are implicitly REQUIRED. -+MODULE = nss -+ -+CSRCS = \ -+ validation.c \ -+ $(NULL) -+ -+# The MODULE is always implicitly required. -+# Listing it here in REQUIRES makes it appear twice in the cc command line. -+REQUIRES = dbm seccmd -+ -+PROGRAM = validation -+ -+# USE_STATIC_LIBS = 1 -diff --git a/cmd/validation/validation.c b/cmd/validation/validation.c -new file mode 100644 ---- /dev/null -+++ b/cmd/validation/validation.c -@@ -0,0 +1,249 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#ifdef _CRTDBG_MAP_ALLOC -+#include -+#include -+#endif -+ -+#include "nspr.h" -+#include "secutil.h" -+#include "pk11func.h" -+#include "nss.h" -+#include "secport.h" -+#include "secpkcs5.h" -+#include "sechash.h" -+#include "certdb.h" -+#include "secmod.h" -+ -+#define PKCS12_IN_BUFFER_SIZE 200 -+ -+static char *progName; -+PRBool debug = PR_FALSE; -+ -+#define ERR_USAGE 2 -+#define ERR_PK11GETSLOT 13 -+ -+static void -+Usage() -+{ -+#define FPS PR_fprintf(PR_STDERR, -+ FPS "Usage: %s [-d certdir] [-P dbprefix] [-h tokenname]\n", -+ progName); -+ FPS "\t\t [-k slotpwfile | -K slotpw] [-v]\n"); -+ -+ exit(ERR_USAGE); -+} -+ -+typedef enum { -+ tagULong, -+ tagVersion, -+ tagUtf8 -+} tagType; -+ -+typedef struct { -+ const char *attributeName; -+ tagType attributeStorageType; -+} attributeTag; -+ -+enum { -+ opt_CertDir = 0, -+ opt_TokenName, -+ opt_SlotPWFile, -+ opt_SlotPW, -+ opt_DBPrefix, -+ opt_Debug -+}; -+ -+static secuCommandFlag validation_options[] = -+ { -+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, -+ { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, -+ { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE }, -+ { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE }, -+ { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, -+ { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE } -+ }; -+ -+void -+dump_Raw(char *label, CK_ATTRIBUTE *attr) -+{ -+ int i; -+ unsigned char *value = (unsigned char *)attr->pValue; -+ printf("0x"); -+ for (i = 0; i < attr->ulValueLen; i++) { -+ printf("%02x", value[i]); -+ } -+ printf("<%s>\n", label); -+} -+ -+SECStatus -+dump_validations(CK_OBJECT_CLASS objc, CK_ATTRIBUTE *template, int count, -+ attributeTag *tags, PK11SlotInfo *slot) -+{ -+ PK11GenericObject *objs, *obj; -+ -+ objs = PK11_FindGenericObjects(slot, objc); -+ -+ for (obj = objs; obj != NULL; obj = PK11_GetNextGenericObject(obj)) { -+ int i; -+ printf("Validation Object:\n"); -+ PK11_ReadRawAttributes(NULL, PK11_TypeGeneric, obj, template, count); -+ for (i = 0; i < count; i++) { -+ CK_ULONG ulong; -+ CK_VERSION version; -+ int len = template[i].ulValueLen; -+ printf(" %s: ", tags[i].attributeName); -+ if (len < 0) { -+ printf("\n"); -+ } else if (len == 0) { -+ printf("\n"); -+ } else -+ switch (tags[i].attributeStorageType) { -+ case tagULong: -+ if (len != sizeof(CK_ULONG)) { -+ dump_Raw("bad ulong", &template[i]); -+ break; -+ } -+ ulong = *(CK_ULONG *)template[i].pValue; -+ printf("%ld\n", ulong); -+ break; -+ case tagVersion: -+ if (len != sizeof(CK_VERSION)) { -+ dump_Raw("bad version", &template[i]); -+ break; -+ } -+ version = *(CK_VERSION *)template[i].pValue; -+ printf("%d.%d\n", version.major, version.minor); -+ break; -+ case tagUtf8: -+ printf("%.*s\n", len, (char *)template[i].pValue); -+ break; -+ default: -+ dump_Raw("unknown tag", &template[i]); -+ break; -+ } -+ PORT_Free(template[i].pValue); -+ template[i].pValue = NULL; -+ template[i].ulValueLen = 0; -+ } -+ } -+ PK11_DestroyGenericObjects(objs); -+ return SECSuccess; -+} -+ -+int -+main(int argc, char **argv) -+{ -+ secuPWData slotPw = { PW_NONE, NULL }; -+ secuPWData p12FilePw = { PW_NONE, NULL }; -+ PK11SlotInfo *slot; -+ char *slotname = NULL; -+ char *dbprefix = ""; -+ char *nssdir = NULL; -+ SECStatus rv; -+ secuCommand validation; -+ int local_errno = 0; -+ -+ CK_ATTRIBUTE validation_template[] = { -+ { CKA_NSS_VALIDATION_TYPE, NULL, 0 }, -+ { CKA_NSS_VALIDATION_VERSION, NULL, 0 }, -+ { CKA_NSS_VALIDATION_LEVEL, NULL, 0 }, -+ { CKA_NSS_VALIDATION_MODULE_ID, NULL, 0 } -+ }; -+ attributeTag validation_tags[] = { -+ { "Validation Type", tagULong }, -+ { "Validation Version", tagVersion }, -+ { "Validation Level", tagULong }, -+ { "Validation Module ID", tagUtf8 }, -+ }; -+ -+#ifdef _CRTDBG_MAP_ALLOC -+ _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF); -+#endif -+ -+ validation.numCommands = 0; -+ validation.commands = 0; -+ validation.numOptions = PR_ARRAY_SIZE(validation_options); -+ validation.options = validation_options; -+ -+ progName = strrchr(argv[0], '/'); -+ progName = progName ? progName + 1 : argv[0]; -+ -+ rv = SECU_ParseCommandLine(argc, argv, progName, &validation); -+ -+ if (rv != SECSuccess) -+ Usage(); -+ -+ debug = validation.options[opt_Debug].activated; -+ -+ slotname = SECU_GetOptionArg(&validation, opt_TokenName); -+ -+ if (validation.options[opt_SlotPWFile].activated) { -+ slotPw.source = PW_FROMFILE; -+ slotPw.data = PORT_Strdup(validation.options[opt_SlotPWFile].arg); -+ } -+ -+ if (validation.options[opt_SlotPW].activated) { -+ slotPw.source = PW_PLAINTEXT; -+ slotPw.data = PORT_Strdup(validation.options[opt_SlotPW].arg); -+ } -+ -+ if (validation.options[opt_CertDir].activated) { -+ nssdir = validation.options[opt_CertDir].arg; -+ } -+ if (validation.options[opt_DBPrefix].activated) { -+ dbprefix = validation.options[opt_DBPrefix].arg; -+ } -+ -+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); -+ if (nssdir == NULL && NSS_NoDB_Init("") == SECSuccess) { -+ rv = SECSuccess; -+ /* if the system isn't already in FIPS mode, we need -+ * to switch to FIPS mode */ -+ if (!PK11_IsFIPS()) { -+ /* flip to FIPS mode */ -+ SECMODModule *module = SECMOD_GetInternalModule(); -+ rv = SECMOD_DeleteInternalModule(module->commonName); -+ } -+ } else { -+ rv = NSS_Initialize(nssdir, dbprefix, dbprefix, -+ "secmod.db", 0); -+ } -+ if (rv != SECSuccess) { -+ SECU_PrintPRandOSError(progName); -+ exit(-1); -+ } -+ -+ if (!slotname || PL_strcmp(slotname, "internal") == 0) -+ slot = PK11_GetInternalKeySlot(); -+ else -+ slot = PK11_FindSlotByName(slotname); -+ -+ if (!slot) { -+ SECU_PrintError(progName, "Invalid slot \"%s\"", slotname); -+ local_errno = ERR_PK11GETSLOT; -+ goto done; -+ } -+ -+ rv = dump_validations(CKO_NSS_VALIDATION, -+ validation_template, -+ PR_ARRAY_SIZE(validation_template), -+ validation_tags, -+ slot); -+ -+done: -+ if (slotPw.data != NULL) -+ PORT_ZFree(slotPw.data, PL_strlen(slotPw.data)); -+ if (p12FilePw.data != NULL) -+ PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data)); -+ if (slot) -+ PK11_FreeSlot(slot); -+ if (NSS_Shutdown() != SECSuccess) { -+ local_errno = 1; -+ } -+ PL_ArenaFinish(); -+ PR_Cleanup(); -+ return local_errno; -+} -diff --git a/cmd/validation/validation.gyp b/cmd/validation/validation.gyp -new file mode 100644 ---- /dev/null -+++ b/cmd/validation/validation.gyp -@@ -0,0 +1,30 @@ -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+{ -+ 'includes': [ -+ '../../coreconf/config.gypi', -+ '../../cmd/platlibs.gypi' -+ ], -+ 'targets': [ -+ { -+ 'target_name': 'validation', -+ 'type': 'executable', -+ 'sources': [ -+ 'validation.c' -+ ], -+ 'dependencies': [ -+ '<(DEPTH)/exports.gyp:dbm_exports', -+ '<(DEPTH)/exports.gyp:nss_exports' -+ ] -+ } -+ ], -+ 'target_defaults': { -+ 'defines': [ -+ 'NSPR20' -+ ] -+ }, -+ 'variables': { -+ 'module': 'nss' -+ } -+} -diff --git a/lib/softoken/config.mk b/lib/softoken/config.mk ---- a/lib/softoken/config.mk -+++ b/lib/softoken/config.mk -@@ -59,3 +59,7 @@ - DEFINES += -DNSS_ENABLE_FIPS_INDICATORS - endif - -+ifdef NSS_FIPS_MODULE_ID -+DEFINES += -DNSS_FIPS_MODULE_ID=\"${NSS_FIPS_MODULE_ID}\" -+endif -+ -diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c ---- a/lib/softoken/pkcs11.c -+++ b/lib/softoken/pkcs11.c -@@ -75,7 +75,6 @@ - * failure so that there are at most 60 login attempts per minute. - */ - static PRIntervalTime loginWaitTime; --static PRUint32 minSessionObjectHandle = 1U; - - #define __PASTE(x, y) x##y - -@@ -1672,8 +1671,6 @@ - { - SFTKSlot *slot = session->slot; - SFTKAttribute *attribute; -- SFTKObject *duplicateObject = NULL; -- CK_OBJECT_HANDLE handle; - CK_BBOOL ckfalse = CK_FALSE; - CK_BBOOL cktrue = CK_TRUE; - CK_RV crv; -@@ -1711,30 +1708,13 @@ - * token objects and will have a token object handle assigned to - * them by a call to sftk_mkHandle in the handler for each object - * class, invoked below. -- * -+ * - * It may be helpful to note/remember that - * sftk_narrowToXxxObject uses sftk_isToken, - * sftk_isToken examines the sign bit of the object's handle, but - * sftk_isTrue(...,CKA_TOKEN) examines the CKA_TOKEN attribute. - */ -- do { -- PRUint32 wrappedAround; -- -- duplicateObject = NULL; -- PZ_Lock(slot->objectLock); -- wrappedAround = slot->sessionObjectHandleCount & SFTK_TOKEN_MASK; -- handle = slot->sessionObjectHandleCount & ~SFTK_TOKEN_MASK; -- if (!handle) /* don't allow zero handle */ -- handle = minSessionObjectHandle; -- slot->sessionObjectHandleCount = (handle + 1U) | wrappedAround; -- /* Is there already a session object with this handle? */ -- if (wrappedAround) { -- sftkqueue_find(duplicateObject, handle, slot->sessObjHashTable, -- slot->sessObjHashSize); -- } -- PZ_Unlock(slot->objectLock); -- } while (duplicateObject != NULL); -- object->handle = handle; -+ object->handle = sftk_getNextHandle(slot); - - /* get the object class */ - attribute = sftk_FindAttribute(object, CKA_CLASS); -@@ -2875,10 +2855,15 @@ - goto mem_loser; - - slot->sessionIDCount = 0; -- slot->sessionObjectHandleCount = minSessionObjectHandle; -+ slot->sessionObjectHandleCount = NSC_MIN_SESSION_OBJECT_HANDLE; - slot->slotID = slotID; - sftk_setStringName(params->slotdes ? params->slotdes : sftk_getDefSlotName(slotID), slot->slotDescription, - sizeof(slot->slotDescription), PR_TRUE); -+ crv = sftk_InitSession(&slot->moduleObjects, slot, slotID, NULL, NULL, -+ CKF_SERIAL_SESSION); -+ if (crv != CKR_OK) { -+ goto loser; -+ } - - /* call the reinit code to set everything that changes between token - * init calls */ -@@ -2887,6 +2872,12 @@ - if (crv != CKR_OK) { - goto loser; - } -+ if (sftk_isFIPS(slotID)) { -+ crv = sftk_CreateValidationObjects(slot); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ } - crv = sftk_RegisterSlot(slot, moduleIndex); - if (crv != CKR_OK) { - goto loser; -@@ -3032,6 +3023,8 @@ - - SFTK_ShutdownSlot(slot); - -+ sftk_ClearSession(&slot->moduleObjects); -+ - if (slot->tokObjHashTable) { - PL_HashTableDestroy(slot->tokObjHashTable); - slot->tokObjHashTable = NULL; -@@ -3262,6 +3255,7 @@ - CK_RV crv = CKR_OK; - SECStatus rv; - CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved; -+ PRBool destroy_freelist_on_error = PR_TRUE; - int i; - unsigned int moduleIndex = isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE; - -@@ -3341,7 +3335,14 @@ - "disabled FIPS mode"); - } - } -+ /* if we have a peer open, we don't want to destroy the freelist -+ * from under the peer if we fail, the free list will be -+ * destroyed in that case when the C_Finalize is called for -+ * the peer */ -+ destroy_freelist_on_error = PR_FALSE; - } -+ /* allow us to create objects in SFTK_SlotInit */ -+ sftk_InitFreeLists(); - - for (i = 0; i < paramStrings.token_count; i++) { - crv = SFTK_SlotInit(paramStrings.configdir, -@@ -3355,8 +3356,9 @@ - loser: - sftk_freeParams(¶mStrings); - } -- if (CKR_OK == crv) { -- sftk_InitFreeLists(); -+ if (destroy_freelist_on_error && (CKR_OK != crv)) { -+ /* idempotent. If the list are already freed, this is a noop */ -+ sftk_CleanupFreeLists(); - } - - #ifndef NO_FORK_CHECK -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -49,6 +49,8 @@ - #define NSC_SEARCH_BLOCK_SIZE 5 - #define NSC_SLOT_LIST_BLOCK_SIZE 10 - -+#define NSC_MIN_SESSION_OBJECT_HANDLE 1U -+ - #define NSC_FIPS_MODULE 1 - #define NSC_NON_FIPS_MODULE 0 - -@@ -375,6 +377,9 @@ - char tokDescription[33]; /* per load */ - char updateTokDescription[33]; /* per load */ - char slotDescription[65]; /* invariant */ -+ SFTKSession moduleObjects; /* global session to hang module specific -+ * objects like profile objects or -+ * validation objects */ - }; - - /* -@@ -766,6 +771,7 @@ - extern void sftk_ReferenceObject(SFTKObject *object); - extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, - SFTKSession *session); -+extern CK_OBJECT_HANDLE sftk_getNextHandle(SFTKSlot *slot); - extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object); - extern void sftk_AddObject(SFTKSession *session, SFTKObject *object); - /* clear out all the existing object ID to database key mappings. -@@ -787,7 +793,11 @@ - extern CK_SLOT_ID sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle); - extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); - extern void sftk_FreeSession(SFTKSession *session); -+extern void sftk_ClearSession(SFTKSession *session); - extern void sftk_DestroySession(SFTKSession *session); -+extern CK_RV sftk_InitSession(SFTKSession *session, SFTKSlot *slot, -+ CK_SLOT_ID slotID, CK_NOTIFY notify, -+ CK_VOID_PTR pApplication, CK_FLAGS flags); - extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, - CK_VOID_PTR pApplication, CK_FLAGS flags); - extern void sftk_update_state(SFTKSlot *slot, SFTKSession *session); -@@ -955,6 +965,9 @@ - * FIPS security policy */ - PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, - CK_ATTRIBUTE_TYPE op, SFTKObject *source); -+/* add validation objects to the slot */ -+CK_RV sftk_CreateValidationObjects(SFTKSlot *slot); -+ - SEC_END_PROTOS - - #endif /* _PKCS11I_H_ */ -diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c ---- a/lib/softoken/pkcs11u.c -+++ b/lib/softoken/pkcs11u.c -@@ -14,6 +14,7 @@ - #include "sftkdb.h" - #include "softoken.h" - #include "secoid.h" -+#include "softkver.h" - - #if !defined(NSS_FIPS_DISABLED) && defined(NSS_ENABLE_FIPS_INDICATORS) - /* this file should be supplied by the vendor and include all the -@@ -1243,6 +1244,32 @@ - return SFTK_Busy; - } - -+/* find the next available object handle that isn't currently in use */ -+CK_OBJECT_HANDLE -+sftk_getNextHandle(SFTKSlot *slot) -+{ -+ CK_OBJECT_HANDLE handle; -+ SFTKObject *duplicateObject = NULL; -+ do { -+ PRUint32 wrappedAround; -+ -+ duplicateObject = NULL; -+ PZ_Lock(slot->objectLock); -+ wrappedAround = slot->sessionObjectHandleCount & SFTK_TOKEN_MASK; -+ handle = slot->sessionObjectHandleCount & ~SFTK_TOKEN_MASK; -+ if (!handle) /* don't allow zero handle */ -+ handle = NSC_MIN_SESSION_OBJECT_HANDLE; -+ slot->sessionObjectHandleCount = (handle + 1U) | wrappedAround; -+ /* Is there already a session object with this handle? */ -+ if (wrappedAround) { -+ sftkqueue_find(duplicateObject, handle, slot->sessObjHashTable, -+ slot->sessObjHashSize); -+ } -+ PZ_Unlock(slot->objectLock); -+ } while (duplicateObject != NULL); -+ return handle; -+} -+ - /* - * add an object to a slot and session queue. These two functions - * adopt the object. -@@ -1848,23 +1875,13 @@ - } - - /* -- * create a new nession. NOTE: The session handle is not set, and the -+ * Init a new session. NOTE: The session handle is not set, and the - * session is not added to the slot's session queue. - */ --SFTKSession * --sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, -- CK_FLAGS flags) -+CK_RV -+sftk_InitSession(SFTKSession *session, SFTKSlot *slot, CK_SLOT_ID slotID, -+ CK_NOTIFY notify, CK_VOID_PTR pApplication, CK_FLAGS flags) - { -- SFTKSession *session; -- SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE); -- -- if (slot == NULL) -- return NULL; -- -- session = (SFTKSession *)PORT_Alloc(sizeof(SFTKSession)); -- if (session == NULL) -- return NULL; -- - session->next = session->prev = NULL; - session->enc_context = NULL; - session->hash_context = NULL; -@@ -1873,8 +1890,7 @@ - session->objectIDCount = 1; - session->objectLock = PZ_NewLock(nssILockObject); - if (session->objectLock == NULL) { -- PORT_Free(session); -- return NULL; -+ return CKR_HOST_MEMORY; - } - session->objects[0] = NULL; - -@@ -1887,12 +1903,38 @@ - sftk_update_state(slot, session); - /* no ops completed yet, so the last one couldn't be a FIPS op */ - session->lastOpWasFIPS = PR_FALSE; -+ return CKR_OK; -+} -+ -+/* -+ * Create a new session and init it. -+ */ -+SFTKSession * -+sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, -+ CK_FLAGS flags) -+{ -+ SFTKSession *session; -+ SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE); -+ CK_RV crv; -+ -+ if (slot == NULL) -+ return NULL; -+ -+ session = (SFTKSession *)PORT_Alloc(sizeof(SFTKSession)); -+ if (session == NULL) -+ return NULL; -+ -+ crv = sftk_InitSession(session, slot, slotID, notify, pApplication, flags); -+ if (crv != CKR_OK) { -+ PORT_Free(session); -+ return NULL; -+ } - return session; - } - - /* free all the data associated with a session. */ - void --sftk_DestroySession(SFTKSession *session) -+sftk_ClearSession(SFTKSession *session) - { - SFTKObjectList *op, *next; - -@@ -1918,6 +1960,13 @@ - if (session->search) { - sftk_FreeSearch(session->search); - } -+} -+ -+/* free the data associated with the session, and the session */ -+void -+sftk_DestroySession(SFTKSession *session) -+{ -+ sftk_ClearSession(session); - PORT_Free(session); - } - -@@ -2386,3 +2435,70 @@ - return PR_FALSE; - #endif - } -+ -+/* -+ * create the FIPS Validation objects. If the vendor -+ * doesn't supply an NSS_FIPS_MODULE_ID, at compile time, -+ * then we assumethis is an unvalidated module. -+ */ -+CK_RV -+sftk_CreateValidationObjects(SFTKSlot *slot) -+{ -+ const char *module_id; -+ int module_id_len; -+ CK_RV crv = CKR_OK; -+ /* we currently use vendor specific values until the validation -+ * objects are approved for PKCS #11 v3.2. */ -+ CK_OBJECT_CLASS cko_validation = CKO_NSS_VALIDATION; -+ CK_NSS_VALIDATION_TYPE ckv_fips = CKV_NSS_FIPS_140; -+ CK_VERSION fips_version = { 3, 0 }; /* FIPS-140-3 */ -+ CK_ULONG fips_level = 1; /* or 2 if you validated at level 2 */ -+ -+#ifndef NSS_FIPS_MODULE_ID -+#define NSS_FIPS_MODULE_ID "Generic NSS " SOFTOKEN_VERSION " Unvalidated" -+#endif -+ module_id = NSS_FIPS_MODULE_ID; -+ module_id_len = sizeof(NSS_FIPS_MODULE_ID) - 1; -+ SFTKObject *object; -+ -+ object = sftk_NewObject(slot); /* fill in the handle later */ -+ if (object == NULL) { -+ return CKR_HOST_MEMORY; -+ } -+ object->isFIPS = PR_FALSE; -+ -+ crv = sftk_AddAttributeType(object, CKA_CLASS, -+ &cko_validation, sizeof(cko_validation)); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ crv = sftk_AddAttributeType(object, CKA_NSS_VALIDATION_TYPE, -+ &ckv_fips, sizeof(ckv_fips)); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ crv = sftk_AddAttributeType(object, CKA_NSS_VALIDATION_VERSION, -+ &fips_version, sizeof(fips_version)); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ crv = sftk_AddAttributeType(object, CKA_NSS_VALIDATION_LEVEL, -+ &fips_level, sizeof(fips_level)); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ crv = sftk_AddAttributeType(object, CKA_NSS_VALIDATION_MODULE_ID, -+ module_id, module_id_len); -+ if (crv != CKR_OK) { -+ goto loser; -+ } -+ -+ /* future, fill in validation certificate information from a supplied -+ * pointer to a config file */ -+ object->handle = sftk_getNextHandle(slot); -+ object->slot = slot; -+ sftk_AddObject(&slot->moduleObjects, object); -+loser: -+ sftk_FreeObject(object); -+ return crv; -+} -diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h ---- a/lib/util/pkcs11n.h -+++ b/lib/util/pkcs11n.h -@@ -38,6 +38,9 @@ - #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) - #define CKO_NSS_NEWSLOT (CKO_NSS + 5) - #define CKO_NSS_DELSLOT (CKO_NSS + 6) -+#define CKO_NSS_VALIDATION (CKO_NSS + 7) -+ -+#define CKV_NSS_FIPS_140 (CKO_NSS + 1) - - /* - * NSS-defined key types -@@ -99,6 +102,11 @@ - #define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35) - #define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36) - -+#define CKA_NSS_VALIDATION_TYPE (CKA_NSS + 36) -+#define CKA_NSS_VALIDATION_VERSION (CKA_NSS + 37) -+#define CKA_NSS_VALIDATION_LEVEL (CKA_NSS + 38) -+#define CKA_NSS_VALIDATION_MODULE_ID (CKA_NSS + 39) -+ - /* - * Trust attributes: - * -@@ -344,6 +352,9 @@ - #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) - #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) - -+/* NSS specific types */ -+typedef CK_ULONG CK_NSS_VALIDATION_TYPE; -+ - /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. - See RFC 5869. - -diff --git a/nss.gyp b/nss.gyp ---- a/nss.gyp -+++ b/nss.gyp -@@ -131,6 +131,7 @@ - 'cmd/smimetools/smimetools.gyp:cmsutil', - 'cmd/ssltap/ssltap.gyp:ssltap', - 'cmd/symkeyutil/symkeyutil.gyp:symkeyutil', -+ 'cmd/validation/validation.gyp:validation', - 'nss-tool/nss_tool.gyp:nss', - 'nss-tool/nss_tool.gyp:hw-support', - ], - diff --git a/nss-3.71-fix-lto-gtests.patch b/nss-3.71-fix-lto-gtests.patch index 462e8ad..2699ca3 100644 --- a/nss-3.71-fix-lto-gtests.patch +++ b/nss-3.71-fix-lto-gtests.patch @@ -1,19 +1,14 @@ diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_subcerts_unittest.cc --- a/gtests/ssl_gtest/tls_subcerts_unittest.cc +++ b/gtests/ssl_gtest/tls_subcerts_unittest.cc -@@ -8,23 +8,32 @@ - - #include "prtime.h" - #include "secerr.h" - #include "ssl.h" - +@@ -15,13 +15,22 @@ #include "gtest_utils.h" #include "tls_agent.h" #include "tls_connect.h" +#define LTO - + namespace nss_test { - + +#ifndef LTO +// sigh this construction breaks LTO const std::string kEcdsaDelegatorId = TlsAgent::kDelegatorEcdsa256; @@ -28,9 +23,4 @@ diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_su +#endif const SSLSignatureScheme kDCScheme = ssl_sig_ecdsa_secp256r1_sha256; const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds) */; - - static void CheckPreliminaryPeerDelegCred( - const std::shared_ptr& client, bool expected, - PRUint32 key_bits = 0, SSLSignatureScheme sig_scheme = ssl_sig_none) { - EXPECT_NE(0U, (client->pre_info().valuesSet & ssl_preinfo_peer_auth)); - EXPECT_EQ(expected, client->pre_info().peerDelegCred); + diff --git a/nss-3.71-ipv6-fix.patch b/nss-3.71-ipv6-fix.patch deleted file mode 100644 index b72c80f..0000000 --- a/nss-3.71-ipv6-fix.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up ./cmd/selfserv/selfserv.c.ipv6_fix ./cmd/selfserv/selfserv.c ---- ./cmd/selfserv/selfserv.c.ipv6_fix 2021-09-14 11:40:06.176408531 -0700 -+++ ./cmd/selfserv/selfserv.c 2021-09-14 11:49:46.361907308 -0700 -@@ -1717,14 +1717,28 @@ getBoundListenSocket(unsigned short port - PRNetAddr addr; - PRSocketOptionData opt; - -- addr.inet.family = PR_AF_INET; -- addr.inet.ip = PR_INADDR_ANY; -- addr.inet.port = PR_htons(port); -+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { -+ errExit("PR_SetNetAddr"); -+ } - -- listen_sock = PR_NewTCPSocket(); -+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); - if (listen_sock == NULL) { - errExit("PR_NewTCPSocket"); - } -+ /* NSPR has a bug where set inheritable doesn't work unless it's a pure -+ * NSPR socket. If we have an IPV6 emulator on an IPV4 socket, it will fail. -+ * In that case just open an IPV4 socket instead */ -+ if (PR_NSPR_IO_LAYER != PR_GetLayersIdentity(listen_sock)) { -+ PR_Close(listen_sock); -+ addr.inet.family = PR_AF_INET; -+ addr.inet.ip = PR_INADDR_ANY; -+ addr.inet.port = PR_htons(port); -+ -+ listen_sock = PR_NewTCPSocket(); -+ if (listen_sock == NULL) { -+ errExit("PR_NewTCPSocket"); -+ } -+ } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; diff --git a/nss-3.75-fix-pkcs12-passwords.patch b/nss-3.75-fix-pkcs12-passwords.patch deleted file mode 100644 index fffe693..0000000 --- a/nss-3.75-fix-pkcs12-passwords.patch +++ /dev/null @@ -1,257 +0,0 @@ -diff --git a/cmd/pk12util/pk12util.c b/cmd/pk12util/pk12util.c ---- a/cmd/pk12util/pk12util.c -+++ b/cmd/pk12util/pk12util.c -@@ -660,16 +660,27 @@ P12U_ExportPKCS12Object(char *nn, char * - } - - /* Password to use for PKCS12 file. */ - pwitem = P12U_GetP12FilePassword(PR_TRUE, p12FilePw); - if (!pwitem) { - goto loser; - } - -+ /* we are passing UTF8, drop the NULL in the normal password value. -+ * UCS2 conversion will add it back if necessary. This only affects -+ * password > Blocksize of the Hash function and pkcs5v2 pbe (if password -+ * <=Blocksize then the password is zero padded anyway, so an extra NULL -+ * at the end has not effect). This is allows us to work with openssl and -+ * gnutls. Older versions of NSS already fail to decrypt long passwords -+ * in this case, so we aren't breaking anyone with this code */ -+ if ((pwitem->len > 1) && (!pwitem->data[pwitem->len-1])) { -+ pwitem->len--; -+ } -+ - p12cxt = p12u_InitContext(PR_FALSE, outfile); - if (!p12cxt) { - SECU_PrintError(progName, "Initialization failed: %s", outfile); - pk12uErrno = PK12UERR_INIT_FILE; - goto loser; - } - - if (certlist) { -diff --git a/lib/pkcs12/p12local.c b/lib/pkcs12/p12local.c ---- a/lib/pkcs12/p12local.c -+++ b/lib/pkcs12/p12local.c -@@ -903,31 +903,35 @@ sec_pkcs12_find_object(SEC_PKCS12SafeCon - i++; - } - } - - PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME); - return NULL; - } - --/* this function converts a password to unicode and encures that the -- * required double 0 byte be placed at the end of the string -+/* this function converts a password to unicode and ensures that the -+ * required double 0 byte be placed at the end of the string (if zeroTerm -+ * is set), or the 0 bytes at the end are dropped (if zeroTerm is not set). - */ - PRBool - sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest, - SECItem *src, PRBool zeroTerm, - PRBool asciiConvert, PRBool toUnicode) - { - PRBool success = PR_FALSE; -+ int bufferSize; -+ - if (!src || !dest) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return PR_FALSE; - } - -- dest->len = src->len * 3 + 2; -+ bufferSize = src->len * 3 + 2; -+ dest->len = bufferSize; - if (arena) { - dest->data = (unsigned char *)PORT_ArenaZAlloc(arena, dest->len); - } else { - dest->data = (unsigned char *)PORT_ZAlloc(dest->len); - } - - if (!dest->data) { - dest->len = 0; -@@ -951,34 +955,44 @@ sec_pkcs12_convert_item_to_unicode(PLAre - if (!arena) { - PORT_Free(dest->data); - dest->data = NULL; - dest->len = 0; - } - return PR_FALSE; - } - -- if ((dest->len >= 2) && -- (dest->data[dest->len - 1] || dest->data[dest->len - 2]) && zeroTerm) { -- if (dest->len + 2 > 3 * src->len) { -- if (arena) { -- dest->data = (unsigned char *)PORT_ArenaGrow(arena, -- dest->data, dest->len, -- dest->len + 2); -- } else { -- dest->data = (unsigned char *)PORT_Realloc(dest->data, -- dest->len + 2); -+ /* in some cases we need to add NULL terminations and in others -+ * we need to drop null terminations */ -+ if (zeroTerm) { -+ /* unicode adds two nulls a the end */ -+ if (toUnicode) { -+ if ((dest->len >= 2) && -+ (dest->data[dest->len - 1] || dest->data[dest->len - 2])) { -+ /* we've already allocated space for these new NULLs */ -+ PORT_Assert(dest->len + 2 <= bufferSize); -+ dest->len += 2; -+ dest->data[dest->len - 1] = dest->data[dest->len - 2] = 0; - } -- -- if (!dest->data) { -- return PR_FALSE; -+ /* ascii/utf-8 adds just 1 */ -+ } else if ((dest->len >= 1) && dest->data[dest->len-1]) { -+ PORT_Assert(dest->len + 1 <= bufferSize); -+ dest->len ++; -+ dest->data[dest->len-1] = 0; -+ } -+ } else { -+ /* handle the drop case, no need to do any allocations here. */ -+ if (toUnicode) { -+ while ((dest->len >=2) && !dest->data[dest->len - 1] && -+ !dest->data[dest->len - 2]) { -+ dest->len -= 2; - } -+ } else while (dest->len && !dest->data[dest->len-1]) { -+ dest->len--; - } -- dest->len += 2; -- dest->data[dest->len - 1] = dest->data[dest->len - 2] = 0; - } - - return PR_TRUE; - } - - PRBool - sec_pkcs12_is_pkcs12_pbe_algorithm(SECOidTag algorithm) - { -@@ -1006,27 +1020,28 @@ sec_pkcs12_is_pkcs12_pbe_algorithm(SECOi - } - } - - /* this function decodes a password from Unicode if necessary, - * according to the PBE algorithm. - * - * we assume that the pwitem is already encoded in Unicode by the - * caller. if the encryption scheme is not the one defined in PKCS -- * #12, decode the pwitem back into UTF-8. */ -+ * #12, decode the pwitem back into UTF-8. NOTE: UTF-8 strings are -+ * used in the PRF without the trailing NULL */ - PRBool - sec_pkcs12_decode_password(PLArenaPool *arena, - SECItem *result, - SECOidTag algorithm, - const SECItem *pwitem) - { - if (!sec_pkcs12_is_pkcs12_pbe_algorithm(algorithm)) - return sec_pkcs12_convert_item_to_unicode(arena, result, - (SECItem *)pwitem, -- PR_TRUE, PR_FALSE, PR_FALSE); -+ PR_FALSE, PR_FALSE, PR_FALSE); - - return SECITEM_CopyItem(arena, result, pwitem) == SECSuccess; - } - - /* this function encodes a password into Unicode if necessary, - * according to the PBE algorithm. - * - * we assume that the pwitem holds a raw password. if the encryption -diff --git a/tests/common/init.sh b/tests/common/init.sh ---- a/tests/common/init.sh -+++ b/tests/common/init.sh -@@ -78,25 +78,27 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - - CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions - STAPLINGDIR=${HOSTDIR}/stapling - NOLOGINDIR=${HOSTDIR}/nologin - SSLGTESTDIR=${HOSTDIR}/ssl_gtests - GTESTDIR=${HOSTDIR}/gtests - - PWFILE=${HOSTDIR}/tests.pw -+ LONGPWFILE=${HOSTDIR}/tests.longpw - EMPTY_FILE=${HOSTDIR}/tests_empty - NOISE_FILE=${HOSTDIR}/tests_noise - CORELIST_FILE=${HOSTDIR}/clist - - FIPSPWFILE=${HOSTDIR}/tests.fipspw - FIPSBADPWFILE=${HOSTDIR}/tests.fipsbadpw - FIPSP12PWFILE=${HOSTDIR}/tests.fipsp12pw - - echo nss > ${PWFILE} -+ echo "nss123456789012345678901234567890123456789012345678901234567890_" > ${LONGPWFILE} - echo > ${EMPTY_FILE} - echo "fIps140" > ${FIPSPWFILE} - echo "fips104" > ${FIPSBADPWFILE} - echo "pKcs12fips140" > ${FIPSP12PWFILE} - - noise - - P_SERVER_CADIR=${SERVER_CADIR} -@@ -656,16 +658,17 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU - P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}" - P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}" - P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}" - P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}" - P_R_RSAPSSDIR="multiaccess:${D_RSAPSS}" - fi - - R_PWFILE=../tests.pw -+ R_LONGPWFILE=../tests.longpw - R_EMPTY_FILE=../tests_empty - R_NOISE_FILE=../tests_noise - - R_FIPSPWFILE=../tests.fipspw - R_FIPSBADPWFILE=../tests.fipsbadpw - R_FIPSP12PWFILE=../tests.fipsp12pw - - trap "Exit $0 Signal_caught" 2 3 -diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh ---- a/tests/tools/tools.sh -+++ b/tests/tools/tools.sh -@@ -382,16 +382,40 @@ tools_p12_export_list_import_with_defaul - check_tmpfile - - echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------" - echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}" - ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1 - ret=$? - html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)" - check_tmpfile -+ -+ echo "$SCRIPTNAME: Exporting Alice's email EC cert & key with long pw------" -+ echo "pk12util -o Alice-ec-long.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" -+ echo " -w ${R_LONGPWFILE}" -+ ${BINDIR}/pk12util -o Alice-ec-long.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \ -+ -w ${R_LONGPWFILE} 2>&1 -+ ret=$? -+ html_msg $ret 0 "Exporting Alice's email EC cert & key with long pw (pk12util -o)" -+ check_tmpfile -+ verify_p12 Alice-ec-long.p12 "default" "default" "default" -+ -+ echo "$SCRIPTNAME: Importing Alice's email EC cert & key with long pw-----" -+ echo "pk12util -i Alice-ec-long.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_LONGPWFILE}" -+ ${BINDIR}/pk12util -i Alice-ec-long.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_LONGPWFILE} 2>&1 -+ ret=$? -+ html_msg $ret 0 "Importing Alice's email EC cert & key with long pw (pk12util -i)" -+ check_tmpfile -+ -+ echo "$SCRIPTNAME: Listing Alice's pk12 EC file with long pw ------------" -+ echo "pk12util -l Alice-ec-long.p12 -w ${R_LONGPWFILE}" -+ ${BINDIR}/pk12util -l Alice-ec-long.p12 -w ${R_LONGPWFILE} 2>&1 -+ ret=$? -+ html_msg $ret 0 "Listing Alice's pk12 EC file with long pw (pk12util -l)" -+ check_tmpfile - } - - tools_p12_import_old_files() - { - echo "$SCRIPTNAME: Importing PKCS#12 files created with older NSS --------------" - echo "pk12util -i TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" - ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 - ret=$? diff --git a/nss-3.79-dont-verify-default.patch b/nss-3.79-dont-verify-default.patch deleted file mode 100644 index 6c747b6..0000000 --- a/nss-3.79-dont-verify-default.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff --git a/lib/softoken/legacydb/pcertdb.c b/lib/softoken/legacydb/pcertdb.c ---- a/lib/softoken/legacydb/pcertdb.c -+++ b/lib/softoken/legacydb/pcertdb.c -@@ -4272,16 +4272,17 @@ CreateTrust(void) - { - NSSLOWCERTTrust *trust = NULL; - - nsslowcert_LockFreeList(); - trust = trustListHead; - if (trust) { - trustListCount--; - trustListHead = trust->next; -+ trust->next = NULL; - } - PORT_Assert(trustListCount >= 0); - nsslowcert_UnlockFreeList(); - if (trust) { - return trust; - } - - return PORT_ZNew(NSSLOWCERTTrust); -@@ -5155,19 +5156,21 @@ done: - } - - PRBool - nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust) - { - if (trust == NULL) { - return PR_FALSE; - } -- return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN) && -- (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN) && -- (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN)); -+ /* if we only have CERTDB__USER and CERTDB_TRUSTED_UNKNOWN bits, then -+ * we don't have a trust record. */ -+ return !(((trust->sslFlags & ~(CERTDB_USER|CERTDB_TRUSTED_UNKNOWN)) == 0) && -+ ((trust->emailFlags & ~(CERTDB_USER|CERTDB_TRUSTED_UNKNOWN)) == 0) && -+ ((trust->objectSigningFlags & ~(CERTDB_USER|CERTDB_TRUSTED_UNKNOWN)) == 0)); - } - - /* - * This function has the logic that decides if another person's cert and - * email profile from an S/MIME message should be saved. It can deal with - * the case when there is no profile. - */ - static SECStatus -diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c ---- a/lib/softoken/sftkdb.c -+++ b/lib/softoken/sftkdb.c -@@ -119,47 +119,79 @@ sftkdb_isAuthenticatedAttribute(CK_ATTRI - case CKA_TRUST_STEP_UP_APPROVED: - case CKA_NSS_OVERRIDE_EXTENSIONS: - return PR_TRUE; - default: - break; - } - return PR_FALSE; - } -- - /* - * convert a native ULONG to a database ulong. Database ulong's - * are all 4 byte big endian values. - */ - void - sftk_ULong2SDBULong(unsigned char *data, CK_ULONG value) - { - int i; - - for (i = 0; i < SDB_ULONG_SIZE; i++) { - data[i] = (value >> (SDB_ULONG_SIZE - 1 - i) * BBP) & 0xff; - } - } - - /* - * convert a database ulong back to a native ULONG. (reverse of the above -- * function. -+ * function). - */ - static CK_ULONG - sftk_SDBULong2ULong(unsigned char *data) - { - int i; - CK_ULONG value = 0; - - for (i = 0; i < SDB_ULONG_SIZE; i++) { - value |= (((CK_ULONG)data[i]) << (SDB_ULONG_SIZE - 1 - i) * BBP); - } - return value; - } - -+/* certain trust records are default values, which are the values -+ * returned if the signature check fails anyway. -+ * In those cases, we can skip the signature check. */ -+PRBool -+sftkdb_isNullTrust(const CK_ATTRIBUTE *template) -+{ -+ switch (template->type) { -+ case CKA_TRUST_SERVER_AUTH: -+ case CKA_TRUST_CLIENT_AUTH: -+ case CKA_TRUST_EMAIL_PROTECTION: -+ case CKA_TRUST_CODE_SIGNING: -+ if (template->ulValueLen != SDB_ULONG_SIZE) { -+ break; -+ } -+ if (sftk_SDBULong2ULong(template->pValue) == -+ CKT_NSS_TRUST_UNKNOWN) { -+ return PR_TRUE; -+ } -+ break; -+ case CKA_TRUST_STEP_UP_APPROVED: -+ if (template->ulValueLen != 1) { -+ break; -+ } -+ if (*((unsigned char *)(template->pValue)) == 0) { -+ return PR_TRUE; -+ } -+ break; -+ default: -+ break; -+ } -+ return PR_FALSE; -+} -+ - /* - * fix up the input templates. Our fixed up ints are stored in data and must - * be freed by the caller. The new template must also be freed. If there are no - * CK_ULONG attributes, the orignal template is passed in as is. - */ - static CK_ATTRIBUTE * - sftkdb_fixupTemplateIn(const CK_ATTRIBUTE *template, int count, - unsigned char **dataOut, int *dataOutSize) -@@ -410,17 +442,18 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *te - } - - /* copy the plain text back into the template */ - PORT_Memcpy(template[i].pValue, plainText->data, plainText->len); - template[i].ulValueLen = plainText->len; - SECITEM_ZfreeItem(plainText, PR_TRUE); - } - /* make sure signed attributes are valid */ -- if (checkSig && sftkdb_isAuthenticatedAttribute(ntemplate[i].type)) { -+ if (checkSig && sftkdb_isAuthenticatedAttribute(ntemplate[i].type) -+ && !sftkdb_isNullTrust(&ntemplate[i])) { - SECStatus rv; - CK_RV local_crv; - SECItem signText; - SECItem plainText; - unsigned char signData[SDB_MAX_META_DATA_LEN]; - - signText.data = signData; - signText.len = sizeof(signData); -@@ -2387,16 +2420,18 @@ sftkdb_mergeObject(SFTKDBHandle *handle, - crv = (*source->sdb_GetAttributeValue)(source, id, - ptemplate, max_attributes); - if (crv != CKR_OK) { - goto loser; - } - - objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate, - max_attributes); -+/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id, -+ handle->updateID?handle->updateID: "");*/ - - /* - * Update Object updates the object template if necessary then returns - * whether or not we need to actually write the object out to our target - * database. - */ - if (!handle->updateID) { - crv = sftkdb_CreateObject(arena, handle, target, &newID, diff --git a/nss-3.79-enable-POST-rerun.patch b/nss-3.79-enable-POST-rerun.patch deleted file mode 100644 index 47c1ff8..0000000 --- a/nss-3.79-enable-POST-rerun.patch +++ /dev/null @@ -1,522 +0,0 @@ -diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c ---- a/cmd/bltest/blapitest.c -+++ b/cmd/bltest/blapitest.c -@@ -3870,17 +3870,17 @@ main(int argc, char **argv) - rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff, - encrypt, decrypt); - PORT_Free(cipherInfo); - return rv == SECSuccess ? 0 : 1; - } - - /* Do FIPS self-test */ - if (bltest.commands[cmd_FIPS].activated) { -- CK_RV ckrv = sftk_FIPSEntryOK(); -+ CK_RV ckrv = sftk_FIPSEntryOK(PR_FALSE); - fprintf(stdout, "CK_RV: %ld.\n", ckrv); - PORT_Free(cipherInfo); - if (ckrv == CKR_OK) - return SECSuccess; - return SECFailure; - } - - /* -diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c ---- a/cmd/pk11mode/pk11mode.c -+++ b/cmd/pk11mode/pk11mode.c -@@ -318,23 +318,25 @@ static PRBool verbose = PR_FALSE; - - int - main(int argc, char **argv) - { - CK_C_GetFunctionList pC_GetFunctionList; - CK_FUNCTION_LIST_PTR pFunctionList; - CK_RV crv = CKR_OK; - CK_C_INITIALIZE_ARGS_NSS initArgs; -+ CK_C_INITIALIZE_ARGS_NSS initArgsRerun; /* rerun selftests */ - CK_SLOT_ID *pSlotList = NULL; - CK_TOKEN_INFO tokenInfo; - CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */ - - CK_UTF8CHAR *pwd = NULL; - CK_ULONG pwdLen = 0; - char *moduleSpec = NULL; -+ char *moduleSpecRerun = NULL; - char *configDir = NULL; - char *dbPrefix = NULL; - char *disableUnload = NULL; - PRBool doForkTests = PR_TRUE; - - PLOptStatus os; - PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:"); - while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) { -@@ -458,18 +460,23 @@ main(int argc, char **argv) - initArgs.CreateMutex = NULL; - initArgs.DestroyMutex = NULL; - initArgs.LockMutex = NULL; - initArgs.UnlockMutex = NULL; - initArgs.flags = CKF_OS_LOCKING_OK; - moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' " - "keyPrefix='%s' secmod='secmod.db' flags= ", - configDir, dbPrefix, dbPrefix); -+ moduleSpecRerun = PR_smprintf("configdir='%s' certPrefix='%s' " -+ "keyPrefix='%s' secmod='secmod.db' flags=forcePOST ", -+ configDir, dbPrefix, dbPrefix); - initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec; - initArgs.pReserved = NULL; -+ initArgsRerun = initArgs; -+ initArgsRerun.LibraryParameters = (CK_CHAR_PTR *)moduleSpecRerun; - - /*DebugBreak();*/ - /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */ - /* NSS cryptographic module library initialization for the FIPS */ - /* Approved mode when FC_Initialize is envoked will perfom */ - /* software integrity test, and power-up self-tests before */ - /* FC_Initialize returns */ - crv = pFunctionList->C_Initialize(&initArgs); -@@ -705,17 +712,17 @@ main(int argc, char **argv) - PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv, - PKM_CK_RVtoStr(crv)); - goto cleanup; - } - - if (doForkTests) { - /* testing one more C_Initialize / C_Finalize to exercise getpid() - * fork check code */ -- crv = pFunctionList->C_Initialize(&initArgs); -+ crv = pFunctionList->C_Initialize(&initArgsRerun); - if (crv == CKR_OK) { - PKM_LogIt("C_Initialize succeeded\n"); - } else { - PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, - PKM_CK_RVtoStr(crv)); - goto cleanup; - } - crv = pFunctionList->C_Finalize(NULL); -@@ -741,16 +748,19 @@ cleanup: - free(configDir); - } - if (dbPrefix) { - free(dbPrefix); - } - if (moduleSpec) { - PR_smprintf_free(moduleSpec); - } -+ if (moduleSpecRerun) { -+ PR_smprintf_free(moduleSpecRerun); -+ } - - #ifdef _WIN32 - FreeLibrary(hModule); - #else - disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); - if (!disableUnload) { - PR_UnloadLibrary(lib); - } -diff --git a/lib/freebl/blapii.h b/lib/freebl/blapii.h ---- a/lib/freebl/blapii.h -+++ b/lib/freebl/blapii.h -@@ -24,17 +24,17 @@ typedef SECStatus (*freeblAeadFunc)(void - void *params, unsigned int paramsLen, - const unsigned char *aad, unsigned int aadLen, - unsigned int blocksize); - typedef void (*freeblDestroyFunc)(void *cx, PRBool freeit); - - SEC_BEGIN_PROTOS - - #ifndef NSS_FIPS_DISABLED --SECStatus BL_FIPSEntryOK(PRBool freeblOnly); -+SECStatus BL_FIPSEntryOK(PRBool freeblOnly, PRBool rerun); - PRBool BL_POSTRan(PRBool freeblOnly); - #endif - - #if defined(XP_UNIX) && !defined(NO_FORK_CHECK) - - extern PRBool bl_parentForkedAfterC_Initialize; - - #define SKIP_AFTER_FORK(x) \ -diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h ---- a/lib/freebl/blapit.h -+++ b/lib/freebl/blapit.h -@@ -223,16 +223,21 @@ typedef int __BLAPI_DEPRECATED __attribu - * - * If we arbitrarily set p = 10^-18 (1 chance in trillion trillion operation) - * we get GCMIV_RANDOM_BIRTHDAY_BITS = -(-18)/.301 -1 = 59 (.301 = log10 2) - * GCMIV_RANDOM_BIRTHDAY_BITS should be at least 59, call it a round 64. NOTE: - * the variable IV size for TLS is 64 bits, which explains why it's not safe - * to use a random value for the nonce in TLS. */ - #define GCMIV_RANDOM_BIRTHDAY_BITS 64 - -+/* flag to tell BLAPI_Verify* to rerun the post and integrity tests */ -+#define BLAPI_FIPS_RERUN_FLAG '\377' /* 0xff, 255 invalide code for UFT8/ASCII */ -+#define BLAPI_FIPS_RERUN_FLAG_STRING "\377" /* The above as a C string */ -+ -+ - /*************************************************************************** - ** Opaque objects - */ - - struct DESContextStr; - struct RC2ContextStr; - struct RC4ContextStr; - struct RC5ContextStr; -diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c ---- a/lib/freebl/fipsfreebl.c -+++ b/lib/freebl/fipsfreebl.c -@@ -2211,29 +2211,37 @@ bl_startup_tests(void) - } - - /* - * this is called from the freebl init entry points that controll access to - * all other freebl functions. This prevents freebl from operating if our - * power on selftest failed. - */ - SECStatus --BL_FIPSEntryOK(PRBool freebl_only) -+BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun) - { - #ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT - * schemes. This code allows those platforms to continue to function, - * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT - * is not set, and init support has not been properly enabled, freebl - * will always fail because of the test below - */ - if (!self_tests_freebl_ran) { - bl_startup_tests(); - } - #endif -+ if (rerun) { -+ /* reset the flags */ -+ self_tests_freebl_ran = PR_FALSE; -+ self_tests_success = PR_FALSE; -+ self_tests_success = PR_FALSE; -+ self_tests_freebl_success = PR_FALSE; -+ bl_startup_tests(); -+ } - /* if the general self tests succeeded, we're done */ - if (self_tests_success) { - return SECSuccess; - } - /* standalone freebl can initialize */ - if (freebl_only && self_tests_freebl_success) { - return SECSuccess; - } -diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c ---- a/lib/freebl/nsslowhash.c -+++ b/lib/freebl/nsslowhash.c -@@ -55,17 +55,17 @@ NSSLOW_Init(void) - #ifdef FREEBL_NO_DEPEND - (void)FREEBL_InitStubs(); - #endif - - #ifndef NSS_FIPS_DISABLED - /* make sure the FIPS product is installed if we are trying to - * go into FIPS mode */ - if (nsslow_GetFIPSEnabled()) { -- if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) { -+ if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - post_failed = PR_TRUE; - return NULL; - } - } - #endif - post_failed = PR_FALSE; - -diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c ---- a/lib/freebl/shvfy.c -+++ b/lib/freebl/shvfy.c -@@ -282,52 +282,62 @@ readItem(PRFileDesc *fd, SECItem *item) - PORT_Free(item->data); - item->data = NULL; - item->len = 0; - return SECFailure; - } - return SECSuccess; - } - --static PRBool blapi_SHVerifyFile(const char *shName, PRBool self); -+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun); - - static PRBool --blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self) -+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun) - { - PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ - /* find our shared library name */ - char *shName = PR_GetLibraryFilePathname(name, addr); - if (!shName) { - goto loser; - } -- result = blapi_SHVerifyFile(shName, self); -+ result = blapi_SHVerifyFile(shName, self, rerun); - - loser: - if (shName != NULL) { - PR_Free(shName); - } - - return result; - } - - PRBool - BLAPI_SHVerify(const char *name, PRFuncPtr addr) - { -- return blapi_SHVerify(name, addr, PR_FALSE); -+ PRBool rerun = PR_FALSE; -+ if (name && *name == BLAPI_FIPS_RERUN_FLAG) { -+ name++; -+ rerun = PR_TRUE; -+ } -+ return blapi_SHVerify(name, addr, PR_FALSE, rerun); - } - - PRBool - BLAPI_SHVerifyFile(const char *shName) - { -- return blapi_SHVerifyFile(shName, PR_FALSE); -+ PRBool rerun = PR_FALSE; -+ if (shName && *shName == BLAPI_FIPS_RERUN_FLAG) { -+ shName++; -+ rerun = PR_TRUE; -+ } -+ return blapi_SHVerifyFile(shName, PR_FALSE, rerun); - } - - static PRBool --blapi_SHVerifyFile(const char *shName, PRBool self) -+blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun) - { - char *checkName = NULL; - PRFileDesc *checkFD = NULL; - PRFileDesc *shFD = NULL; - void *hashcx = NULL; - const SECHashObject *hashObj = NULL; - SECItem signature = { 0, NULL, 0 }; - SECItem hash; -@@ -346,17 +356,17 @@ blapi_SHVerifyFile(const char *shName, P - unsigned char hashBuf[HASH_LENGTH_MAX]; - - PORT_Memset(&key, 0, sizeof(key)); - hash.data = hashBuf; - hash.len = sizeof(hashBuf); - - /* If our integrity check was never ran or failed, fail any other - * integrity checks to prevent any token going into FIPS mode. */ -- if (!self && (BL_FIPSEntryOK(PR_FALSE) != SECSuccess)) { -+ if (!self && (BL_FIPSEntryOK(PR_FALSE, rerun) != SECSuccess)) { - return PR_FALSE; - } - - if (!shName) { - goto loser; - } - - /* figure out the name of our check file */ -@@ -536,17 +546,17 @@ BLAPI_VerifySelf(const char *name) - { - if (name == NULL) { - /* - * If name is NULL, freebl is statically linked into softoken. - * softoken will call BLAPI_SHVerify next to verify itself. - */ - return PR_TRUE; - } -- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE); -+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE); - } - - #else /* NSS_FIPS_DISABLED */ - - PRBool - BLAPI_SHVerifyFile(const char *shName) - { - return PR_FALSE; -diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c ---- a/lib/softoken/fipstest.c -+++ b/lib/softoken/fipstest.c -@@ -684,22 +684,25 @@ sftk_fips_HKDF_PowerUpSelfTest(void) - - static PRBool sftk_self_tests_ran = PR_FALSE; - static PRBool sftk_self_tests_success = PR_FALSE; - - /* - * This function is called at dll load time, the code tha makes this - * happen is platform specific on defined above. - */ --static void --sftk_startup_tests(void) -+void sftk_startup_tests_with_rerun(PRBool rerun) - { - SECStatus rv; -- const char *libraryName = SOFTOKEN_LIB_NAME; -- -+ /*const char *nlibraryName = SOFTOKEN_LIB_NAME; -+ const char *rlibraryName = BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME; */ -+ const char *libraryName = rerun ? -+ BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : -+ SOFTOKEN_LIB_NAME; -+ - PORT_Assert(!sftk_self_tests_ran); - PORT_Assert(!sftk_self_tests_success); - sftk_self_tests_ran = PR_TRUE; - sftk_self_tests_success = PR_FALSE; /* just in case */ - - /* need to initiallize the oid library before the RSA tests */ - rv = SECOID_Init(); - if (rv != SECSuccess) { -@@ -746,35 +749,46 @@ sftk_startup_tests(void) - rv = sftk_fips_pbkdf_PowerUpSelfTests(); - if (rv != SECSuccess) { - return; - } - - sftk_self_tests_success = PR_TRUE; - } - -+static void -+sftk_startup_tests(void) -+{ -+ sftk_startup_tests_with_rerun(PR_FALSE); -+} -+ - /* - * this is called from nsc_Common_Initizialize entry points that gates access - * to * all other pkcs11 functions. This prevents softoken operation if our - * power on selftest failed. - */ - CK_RV --sftk_FIPSEntryOK() -+sftk_FIPSEntryOK(PRBool rerun) - { - #ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT - * schemes. This code allows those platforms to continue to function, - * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT - * is not set, and init support has not been properly enabled, softken - * will always fail because of the test below - */ - if (!sftk_self_tests_ran) { - sftk_startup_tests(); - } - #endif -+ if (rerun) { -+ sftk_self_tests_ran = PR_FALSE; -+ sftk_self_tests_success = PR_FALSE; -+ sftk_startup_tests_with_rerun(PR_TRUE); -+ } - if (!sftk_self_tests_success) { - return CKR_DEVICE_ERROR; - } - return CKR_OK; - } - #else - #include "pkcs11t.h" - CK_RV -diff --git a/lib/softoken/fipstokn.c b/lib/softoken/fipstokn.c ---- a/lib/softoken/fipstokn.c -+++ b/lib/softoken/fipstokn.c -@@ -524,25 +524,32 @@ fc_log_init_error(CK_RV crv) - } - - /* FC_Initialize initializes the PKCS #11 library. */ - CK_RV - FC_Initialize(CK_VOID_PTR pReserved) - { - const char *envp; - CK_RV crv; -+ PRBool rerun; - - if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) { - sftk_audit_enabled = (atoi(envp) == 1); - } - -+ /* if we have the forcePOST flag on, rerun the integrity checks */ -+ /* we need to know this before we fully parse the arguments in -+ * nsc_CommonInitialize, so read it now */ -+ rerun = sftk_RawArgHasFlag("flags", "forcePost", pReserved); -+ - /* At this point we should have already done post and integrity checks. - * if we haven't, it probably means the FIPS product has not been installed -- * or the tests failed. Don't let an application try to enter FIPS mode */ -- crv = sftk_FIPSEntryOK(); -+ * or the tests failed. Don't let an application try to enter FIPS mode. This -+ * also forces the tests to be rerun if forcePOST is set. */ -+ crv = sftk_FIPSEntryOK(rerun); - if (crv != CKR_OK) { - sftk_fatalError = PR_TRUE; - fc_log_init_error(crv); - return crv; - } - - sftk_ForkReset(pReserved, &crv); - -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -869,16 +869,17 @@ extern CK_RV sftk_MechAllowsOperation(CK - * acquiring a reference to the keydb from the slot */ - NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); - - /* - * parameter parsing functions - */ - CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS); - void sftk_freeParams(sftk_parameters *params); -+PRBool sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved); - - /* - * narrow objects - */ - SFTKSessionObject *sftk_narrowToSessionObject(SFTKObject *); - SFTKTokenObject *sftk_narrowToTokenObject(SFTKObject *); - - /* -diff --git a/lib/softoken/sftkpars.c b/lib/softoken/sftkpars.c ---- a/lib/softoken/sftkpars.c -+++ b/lib/softoken/sftkpars.c -@@ -244,8 +244,21 @@ sftk_freeParams(sftk_parameters *params) - FREE_CLEAR(params->configdir); - FREE_CLEAR(params->secmodName); - FREE_CLEAR(params->man); - FREE_CLEAR(params->libdes); - FREE_CLEAR(params->tokens); - FREE_CLEAR(params->updatedir); - FREE_CLEAR(params->updateID); - } -+ -+PRBool -+sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved) -+{ -+ CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved; -+ -+ /* if we don't have any params, the flag isn't set */ -+ if ((!init_args || !init_args->LibraryParameters)) { -+ return PR_FALSE; -+ } -+ -+ return NSSUTIL_ArgHasFlag(entry, flag, (const char *)init_args->LibraryParameters); -+} -diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h ---- a/lib/softoken/softoken.h -+++ b/lib/softoken/softoken.h -@@ -52,17 +52,17 @@ extern unsigned char *CBC_PadBuffer(PLAr - unsigned int inlen, unsigned int *outlen, - int blockSize); - - /****************************************/ - /* - ** Power-Up selftests are required for FIPS. - */ - /* make sure Power-up selftests have been run. */ --extern CK_RV sftk_FIPSEntryOK(void); -+extern CK_RV sftk_FIPSEntryOK(PRBool rerun); - - /* - ** make known fixed PKCS #11 key types to their sizes in bytes - */ - unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType); - - /* - ** FIPS 140-2 auditing diff --git a/nss-3.79-fips-review.patches b/nss-3.79-fips-review.patches index 4ec93d9..14c904a 100644 --- a/nss-3.79-fips-review.patches +++ b/nss-3.79-fips-review.patches @@ -1,6 +1,6 @@ diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c ---- ./lib/freebl/dh.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/freebl/dh.c 2023-03-17 10:53:23.552658592 -0700 +--- ./lib/freebl/dh.c.fips-review 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/freebl/dh.c 2023-06-12 15:30:23.453233170 -0700 @@ -445,7 +445,7 @@ cleanup: PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) @@ -50,9 +50,9 @@ diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c MP_TO_SEC_ERROR(err); return PR_FALSE; diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c ---- ./lib/softoken/pkcs11c.c.fips-review 2023-03-17 10:53:13.569590567 -0700 -+++ ./lib/softoken/pkcs11c.c 2023-03-17 10:53:23.552658592 -0700 -@@ -4780,6 +4780,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi +--- ./lib/softoken/pkcs11c.c.fips-review 2023-06-12 15:29:04.096403884 -0700 ++++ ./lib/softoken/pkcs11c.c 2023-06-12 15:30:23.454233181 -0700 +@@ -4785,6 +4785,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi * handle the base object stuff */ crv = sftk_handleObject(key, session); @@ -63,7 +63,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c sftk_FreeSession(session); if (crv == CKR_OK && sftk_isTrue(key, CKA_SENSITIVE)) { crv = sftk_forceAttribute(key, CKA_ALWAYS_SENSITIVE, &cktrue, sizeof(CK_BBOOL)); -@@ -4787,9 +4791,6 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi +@@ -4792,9 +4796,6 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi if (crv == CKR_OK && !sftk_isTrue(key, CKA_EXTRACTABLE)) { crv = sftk_forceAttribute(key, CKA_NEVER_EXTRACTABLE, &cktrue, sizeof(CK_BBOOL)); } @@ -73,7 +73,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c if (crv == CKR_OK) { *phKey = key->handle; } -@@ -5093,60 +5094,67 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5098,60 +5099,67 @@ sftk_PairwiseConsistencyCheck(CK_SESSION if (isDerivable) { SFTKAttribute *pubAttribute = NULL; @@ -189,7 +189,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c /* FIPS requires full validation, but in fipx mode NSC_Derive * only does partial validation with approved primes, now handle * full validation */ -@@ -5154,44 +5162,78 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5159,44 +5167,78 @@ sftk_PairwiseConsistencyCheck(CK_SESSION SECItem pubKey; SECItem prime; SECItem subPrime; @@ -283,7 +283,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c } return CKR_OK; -@@ -5709,8 +5751,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5714,8 +5756,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS * created and linked. */ crv = sftk_handleObject(publicKey, session); @@ -293,7 +293,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c sftk_FreeObject(publicKey); NSC_DestroyObject(hSession, privateKey->handle); sftk_FreeObject(privateKey); -@@ -5752,6 +5794,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5757,6 +5799,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS } if (crv != CKR_OK) { @@ -301,7 +301,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c NSC_DestroyObject(hSession, publicKey->handle); sftk_FreeObject(publicKey); NSC_DestroyObject(hSession, privateKey->handle); -@@ -5761,6 +5804,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5766,6 +5809,8 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS /* we need to do this check at the end to make sure the generated key meets the key length requirements */ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_NSS_GENERATE_KEY_PAIR, privateKey); publicKey->isFIPS = privateKey->isFIPS; @@ -310,7 +310,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c *phPrivateKey = privateKey->handle; *phPublicKey = publicKey->handle; -@@ -8381,7 +8426,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -8386,7 +8431,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession /* if the prime is an approved prime, we can skip all the other * checks. */ @@ -319,7 +319,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c if (subPrime == NULL) { SECItem dhSubPrime; /* If the caller set the subprime value, it means that -@@ -8563,6 +8608,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -8568,6 +8613,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession secretlen = tmp.len; } else { secretlen = keySize; @@ -328,9 +328,9 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c &tmp, mechParams->pSharedData, mechParams->ulSharedDataLen, mechParams->kdf); diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c ---- ./lib/softoken/pkcs11.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/softoken/pkcs11.c 2023-03-17 10:53:23.553658599 -0700 -@@ -4599,7 +4599,10 @@ NSC_CreateObject(CK_SESSION_HANDLE hSess +--- ./lib/softoken/pkcs11.c.fips-review 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/softoken/pkcs11.c 2023-06-12 15:30:23.454233181 -0700 +@@ -4625,7 +4625,10 @@ NSC_CreateObject(CK_SESSION_HANDLE hSess if (object == NULL) { return CKR_HOST_MEMORY; } @@ -343,8 +343,8 @@ diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c /* diff -up ./lib/softoken/pkcs11i.h.fips-review ./lib/softoken/pkcs11i.h ---- ./lib/softoken/pkcs11i.h.fips-review 2023-03-17 10:53:13.569590567 -0700 -+++ ./lib/softoken/pkcs11i.h 2023-03-17 10:53:23.553658599 -0700 +--- ./lib/softoken/pkcs11i.h.fips-review 2023-06-12 15:29:04.097403894 -0700 ++++ ./lib/softoken/pkcs11i.h 2023-06-12 15:30:23.454233181 -0700 @@ -971,7 +971,7 @@ char **NSC_ModuleDBFunc(unsigned long fu /* dh verify functions */ /* verify that dhPrime matches one of our known primes, and if so return @@ -355,9 +355,9 @@ diff -up ./lib/softoken/pkcs11i.h.fips-review ./lib/softoken/pkcs11i.h SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); /* map an operation Attribute to a Mechanism flag */ diff -up ./lib/softoken/pkcs11u.c.fips-review ./lib/softoken/pkcs11u.c ---- ./lib/softoken/pkcs11u.c.fips-review 2023-03-17 10:53:13.570590574 -0700 -+++ ./lib/softoken/pkcs11u.c 2023-03-17 10:54:53.009268164 -0700 -@@ -2404,15 +2404,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME +--- ./lib/softoken/pkcs11u.c.fips-review 2023-06-12 15:29:04.097403894 -0700 ++++ ./lib/softoken/pkcs11u.c 2023-06-12 15:30:23.454233181 -0700 +@@ -2403,15 +2403,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME switch (mechInfo->special) { case SFTKFIPSDH: { SECItem dhPrime; @@ -388,11 +388,11 @@ diff -up ./lib/softoken/pkcs11u.c.fips-review ./lib/softoken/pkcs11u.c case SFTKFIPSNone: return PR_FALSE; diff -up ./lib/softoken/sftkdhverify.c.fips-review ./lib/softoken/sftkdhverify.c ---- ./lib/softoken/sftkdhverify.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/softoken/sftkdhverify.c 2023-03-17 10:53:23.553658599 -0700 -@@ -1167,11 +1167,20 @@ static const SECItem subprime_tls_8192 = - (unsigned char *)subprime_tls_8192_data, - sizeof(subprime_tls_8192_data) }; +--- ./lib/softoken/sftkdhverify.c.fips-review 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/softoken/sftkdhverify.c 2023-06-12 15:30:23.455233191 -0700 +@@ -6726,11 +6726,20 @@ static const SECItem subprime_tls_8192 = + (unsigned char *)subprime_tls_8192_data, + sizeof(subprime_tls_8192_data) }; +/* generator for all the groups is 2 */ +static const unsigned char generator_2_data[] = { 2 }; @@ -412,7 +412,7 @@ diff -up ./lib/softoken/sftkdhverify.c.fips-review ./lib/softoken/sftkdhverify.c { /* use the length to decide which primes to check */ switch (dhPrime->len) { -@@ -1182,56 +1191,67 @@ sftk_VerifyDH_Prime(SECItem *dhPrime, PR +@@ -6741,56 +6750,67 @@ sftk_VerifyDH_Prime(SECItem *dhPrime, PR } if (PORT_Memcmp(dhPrime->data, prime_ike_1536, sizeof(prime_ike_1536)) == 0) { @@ -481,8 +481,8 @@ diff -up ./lib/softoken/sftkdhverify.c.fips-review ./lib/softoken/sftkdhverify.c } break; diff -up ./lib/softoken/sftkike.c.fips-review ./lib/softoken/sftkike.c ---- ./lib/softoken/sftkike.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/softoken/sftkike.c 2023-03-17 10:53:23.553658599 -0700 +--- ./lib/softoken/sftkike.c.fips-review 2023-06-04 01:42:53.000000000 -0700 ++++ ./lib/softoken/sftkike.c 2023-06-12 15:30:23.455233191 -0700 @@ -516,6 +516,11 @@ sftk_ike_prf(CK_SESSION_HANDLE hSession, goto fail; } diff --git a/nss-3.79-fips.patch b/nss-3.79-fips.patch index 561113c..07c500f 100644 --- a/nss-3.79-fips.patch +++ b/nss-3.79-fips.patch @@ -160,178 +160,19 @@ diff --git a/lib/softoken/config.mk b/lib/softoken/config.mk +DEFINES += -DNSS_FIPS_140_3 +endif + -diff --git a/lib/softoken/fips_algorithms.h b/lib/softoken/fips_algorithms.h ---- a/lib/softoken/fips_algorithms.h -+++ b/lib/softoken/fips_algorithms.h -@@ -49,33 +49,45 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - #define CKF_KEK (CKF_WRAP | CKF_UNWRAP) - #define CKF_KEA CKF_DERIVE - #define CKF_KDF CKF_DERIVE - #define CKF_HSH CKF_DIGEST - #define CK_MAX 0xffffffffUL - /* mechanisms using the same key types share the same key type - * limits */ - #define RSA_FB_KEY 2048, 4096 /* min, max */ --#define RSA_FB_STEP 1024 -+#define RSA_FB_STEP 1 -+#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */ -+#define RSA_LEGACY_FB_STEP 256 -+ - #define DSA_FB_KEY 2048, 4096 /* min, max */ - #define DSA_FB_STEP 1024 - #define DH_FB_KEY 2048, 4096 /* min, max */ - #define DH_FB_STEP 1024 - #define EC_FB_KEY 256, 521 /* min, max */ - #define EC_FB_STEP 1 /* key limits handled by special operation */ - #define AES_FB_KEY 128, 256 - #define AES_FB_STEP 64 - { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, -- { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone }, -+ { CKM_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ - /* -------------- RSA Multipart Signing Operations -------------------- */ - { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA384_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA512_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, -+ { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, - { CKM_SHA224_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - /* ------------------------- DSA Operations --------------------------- */ - { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, - { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, - { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, -@@ -95,76 +107,73 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, - { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, - { CKM_ECDSA_SHA512, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, - /* ------------------------- RC2 Operations --------------------------- */ - /* ------------------------- AES Operations --------------------------- */ - { CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, -- { CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, -- { CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CTS, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CTR, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_GCM, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSAEAD }, - { CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, -- { CKM_AES_XCBC_MAC_96, { 96, 96, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_AES_XCBC_MAC, { 128, 128, CKF_SGN }, 1, SFTKFIPSNone }, - /* ------------------------- Hashing Operations ----------------------- */ - { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, - { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, - { CKM_SHA224_HMAC_GENERAL, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, - { CKM_SHA256, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, -- { CKM_SHA256_HMAC, { 128, 256, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_SHA256_HMAC_GENERAL, { 128, 256, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA256_HMAC, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA256_HMAC_GENERAL, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone }, - { CKM_SHA384, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, -- { CKM_SHA384_HMAC, { 192, 384, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_SHA384_HMAC_GENERAL, { 192, 384, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA384_HMAC, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA384_HMAC_GENERAL, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone }, - { CKM_SHA512, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, -- { CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA512_HMAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_SHA512_HMAC_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, - /* --------------------- Secret Key Operations ------------------------ */ -- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone }, -+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, - /* ---------------------- SSL/TLS operations ------------------------- */ - { CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SHA384_KEY_DERIVATION, { 192, 284, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SHA256_KEY_DERIVATION, { 112, 256, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SHA384_KEY_DERIVATION, { 112, 284, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SHA512_KEY_DERIVATION, { 112, 512, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SSL3_PRE_MASTER_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_TLS_PRF_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, - /* sigh, is this algorithm really tested. ssl doesn't seem to have a - * way of turning the extension off */ - { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone }, - - /* ------------------------- HKDF Operations -------------------------- */ -- { CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_HKDF_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_HKDF_DATA, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone }, - /* ------------------ NIST 800-108 Key Derivations ------------------- */ -- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, - /* --------------------IPSEC ----------------------- */ -- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE_PRF_DERIVE, { 112, 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, - /* ------------------ PBE Key Derivations ------------------- */ -- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone }, -+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 512, 512, CKF_GEN }, 1, SFTKFIPSNone } - }; - const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs); diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c --- a/lib/softoken/lowpbe.c +++ b/lib/softoken/lowpbe.c -@@ -1765,27 +1765,29 @@ SECStatus - sftk_fips_pbkdf_PowerUpSelfTests(void) - { - SECItem *result; - SECItem inKey; - NSSPKCS5PBEParameter pbe_params; +@@ -1766,16 +1766,20 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) unsigned char iteration_count = 5; unsigned char keyLen = 64; char *inKeyData = TEST_KEY; -- static const unsigned char saltData[] = -- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; +- static const unsigned char saltData[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + static const unsigned char saltData[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; ++ static const unsigned char pbkdf_known_answer[] = { - 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29, - 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c, @@ -350,13 +191,8 @@ diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c + 0x17, 0x97, 0x73, 0x75, 0x7b, 0x88, 0x49, 0xd8, + 0x6f, 0x78, 0x5a, 0xde, 0x50, 0x20, 0x55, 0x33 }; - + sftk_PBELockInit(); - - inKey.data = (unsigned char *)inKeyData; - inKey.len = sizeof(TEST_KEY) - 1; - - pbe_params.salt.data = (unsigned char *)saltData; diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c diff --git a/nss-3.79-fix-client-cert-crash.patch b/nss-3.79-fix-client-cert-crash.patch deleted file mode 100644 index 2d752e4..0000000 --- a/nss-3.79-fix-client-cert-crash.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c ---- a/lib/ssl/authcert.c -+++ b/lib/ssl/authcert.c -@@ -201,16 +201,19 @@ NSS_GetClientAuthData(void *arg, - - /* otherwise look through the cache based on usage - * if chosenNickname is set, we ignore the expiration date */ - if (certList == NULL) { - certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), - certUsageSSLClient, - PR_FALSE, chosenNickName == NULL, - pw_arg); -+ if (certList == NULL) { -+ return SECFailure; -+ } - /* filter only the certs that meet the nickname requirements */ - if (chosenNickName) { - rv = CERT_FilterCertListByNickname(certList, chosenNickName, - pw_arg); - } else { - int nnames = 0; - char **names = ssl_DistNamesToStrings(caNames, &nnames); - rv = CERT_FilterCertListByCANames(certList, nnames, names, diff --git a/nss-3.79-increase-pbe-cache.patch b/nss-3.79-increase-pbe-cache.patch deleted file mode 100644 index e175766..0000000 --- a/nss-3.79-increase-pbe-cache.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c ---- a/lib/softoken/lowpbe.c -+++ b/lib/softoken/lowpbe.c -@@ -565,17 +565,17 @@ struct KDFCacheItemStr { - int iterations; - int keyLen; - }; - typedef struct KDFCacheItemStr KDFCacheItem; - - /* Bug 1606992 - Cache the hash result for the common case that we're - * asked to repeatedly compute the key for the same password item, - * hash, iterations and salt. */ --#define KDF2_CACHE_COUNT 3 -+#define KDF2_CACHE_COUNT 150 - static struct { - PZLock *lock; - struct { - KDFCacheItem common; - int ivLen; - PRBool faulty3DES; - } cacheKDF1; - struct { diff --git a/nss-3.79-pkcs12-fix-null-password.patch b/nss-3.79-pkcs12-fix-null-password.patch deleted file mode 100644 index 1195e5c..0000000 --- a/nss-3.79-pkcs12-fix-null-password.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ./lib/pkcs12/p12local.c.fix_null_password ./lib/pkcs12/p12local.c ---- ./lib/pkcs12/p12local.c.fix_null_password 2022-07-20 14:15:45.081009438 -0700 -+++ ./lib/pkcs12/p12local.c 2022-07-20 14:19:40.856546963 -0700 -@@ -968,15 +968,14 @@ sec_pkcs12_convert_item_to_unicode(PLAre - if (zeroTerm) { - /* unicode adds two nulls at the end */ - if (toUnicode) { -- if ((dest->len >= 2) && -- (dest->data[dest->len - 1] || dest->data[dest->len - 2])) { -+ if ((dest->len < 2) || dest->data[dest->len - 1] || dest->data[dest->len - 2]) { - /* we've already allocated space for these new NULLs */ - PORT_Assert(dest->len + 2 <= bufferSize); - dest->len += 2; - dest->data[dest->len - 1] = dest->data[dest->len - 2] = 0; - } - /* ascii/utf-8 adds just 1 */ -- } else if ((dest->len >= 1) && dest->data[dest->len - 1]) { -+ } else if (!dest->len || dest->data[dest->len - 1]) { - PORT_Assert(dest->len + 1 <= bufferSize); - dest->len++; - dest->data[dest->len - 1] = 0; diff --git a/nss-3.79-rhel-9-fips-signature-policy.patch b/nss-3.79-rhel-9-fips-signature-policy.patch deleted file mode 100644 index 7d99e18..0000000 --- a/nss-3.79-rhel-9-fips-signature-policy.patch +++ /dev/null @@ -1,672 +0,0 @@ -diff -up ./cmd/crmftest/testcrmf.c.signature-policy ./cmd/crmftest/testcrmf.c ---- ./cmd/crmftest/testcrmf.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./cmd/crmftest/testcrmf.c 2022-06-21 09:16:23.916905015 -0700 -@@ -85,7 +85,7 @@ - #include "sechash.h" - #endif - --#define MAX_KEY_LEN 512 -+#define MAX_KEY_LEN 1024 - #define PATH_LEN 150 - #define BUFF_SIZE 150 - #define UID_BITS 800 -diff -up ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.signature-policy ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc ---- ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc 2022-06-21 09:16:23.916905015 -0700 -@@ -16,6 +16,7 @@ - #include "secerr.h" - #include "sechash.h" - #include "pk11_signature_test.h" -+#include "blapit.h" - - #include "testvectors/rsa_signature_2048_sha224-vectors.h" - #include "testvectors/rsa_signature_2048_sha256-vectors.h" -@@ -109,7 +110,11 @@ class Pkcs11RsaPkcs1WycheproofTest - * Use 6 as the invalid value since modLen % 16 must be zero. - */ - TEST(RsaPkcs1Test, Pkcs1MinimumPadding) { -- const size_t kRsaShortKeyBits = 736; -+#define RSA_SHORT_KEY_LENGTH 736 -+/* if our minimum supported key length is big enough to handle -+ * our largest Hash function, we can't test a short length */ -+#if RSA_MIN_MODULUS_BITS < RSA_SHORT_KEY_LENGTH -+ const size_t kRsaShortKeyBits = RSA_SHORT_KEY_LENGTH; - const size_t kRsaKeyBits = 752; - static const std::vector kMsg{'T', 'E', 'S', 'T'}; - static const std::vector kSha512DigestInfo{ -@@ -209,6 +214,9 @@ TEST(RsaPkcs1Test, Pkcs1MinimumPadding) - SEC_OID_PKCS1_RSA_ENCRYPTION, SEC_OID_SHA512, - nullptr); - EXPECT_EQ(SECSuccess, rv); -+#else -+ GTEST_SKIP(); -+#endif - } - - TEST(RsaPkcs1Test, RequireNullParameter) { -diff -up ./gtests/ssl_gtest/tls_subcerts_unittest.cc.signature-policy ./gtests/ssl_gtest/tls_subcerts_unittest.cc ---- ./gtests/ssl_gtest/tls_subcerts_unittest.cc.signature-policy 2022-06-21 09:16:23.901904919 -0700 -+++ ./gtests/ssl_gtest/tls_subcerts_unittest.cc 2022-06-21 09:19:12.482981408 -0700 -@@ -9,6 +9,8 @@ - #include "prtime.h" - #include "secerr.h" - #include "ssl.h" -+#include "nss.h" -+#include "blapit.h" - - #include "gtest_utils.h" - #include "tls_agent.h" -@@ -357,9 +359,14 @@ static void GenerateWeakRsaKey(ScopedSEC - ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ASSERT_TRUE(slot); - PK11RSAGenParams rsaparams; -- // The absolute minimum size of RSA key that we can use with SHA-256 is -- // 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. -+// The absolute minimum size of RSA key that we can use with SHA-256 is -+// 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. -+#define RSA_WEAK_KEY 528 -+#if RSA_MIN_MODULUS_BITS < RSA_WEAK_KEY - rsaparams.keySizeInBits = 528; -+#else -+ rsaparams.keySizeInBits = RSA_MIN_MODULUS_BITS + 1; -+#endif - rsaparams.pe = 65537; - - // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient -@@ -399,6 +406,18 @@ TEST_P(TlsConnectTls13, DCWeakKey) { - ssl_sig_rsa_pss_pss_sha256}; - client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); - server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); -+#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY -+ // save the MIN POLICY length. -+ PRInt32 minRsa; -+ -+ ASSERT_EQ(SECSuccess, NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minRsa)); -+#if RSA_MIN_MODULUS_BITS >= 2048 -+ ASSERT_EQ(SECSuccess, -+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, RSA_MIN_MODULUS_BITS + 1024)); -+#else -+ ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 2048)); -+#endif -+#endif - - ScopedSECKEYPrivateKey dc_priv; - ScopedSECKEYPublicKey dc_pub; -@@ -421,6 +440,9 @@ TEST_P(TlsConnectTls13, DCWeakKey) { - auto cfilter = MakeTlsFilter( - client_, ssl_delegated_credentials_xtn); - ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity); -+#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY -+ ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, minRsa)); -+#endif - } - - class ReplaceDCSigScheme : public TlsHandshakeFilter { -diff -up ./lib/cryptohi/keyhi.h.signature-policy ./lib/cryptohi/keyhi.h ---- ./lib/cryptohi/keyhi.h.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/cryptohi/keyhi.h 2022-06-21 09:16:23.917905021 -0700 -@@ -53,6 +53,11 @@ extern unsigned SECKEY_PublicKeyStrength - extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk); - - /* -+** Return the strength of the private key in bits -+*/ -+extern unsigned SECKEY_PrivateKeyStrengthInBits(const SECKEYPrivateKey *privk); -+ -+/* - ** Return the length of the signature in bytes - */ - extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk); -diff -up ./lib/cryptohi/keyi.h.signature-policy ./lib/cryptohi/keyi.h ---- ./lib/cryptohi/keyi.h.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/cryptohi/keyi.h 2022-06-21 09:16:23.917905021 -0700 -@@ -4,6 +4,7 @@ - - #ifndef _KEYI_H_ - #define _KEYI_H_ -+#include "secerr.h" - - SEC_BEGIN_PROTOS - /* NSS private functions */ -@@ -36,6 +37,9 @@ SECStatus sec_DecodeRSAPSSParamsToMechan - const SECItem *params, - CK_RSA_PKCS_PSS_PARAMS *mech); - -+/* make sure the key length matches the policy for keyType */ -+SECStatus seckey_EnforceKeySize(KeyType keyType, unsigned keyLength, -+ SECErrorCodes error); - SEC_END_PROTOS - - #endif /* _KEYHI_H_ */ -diff -up ./lib/cryptohi/seckey.c.signature-policy ./lib/cryptohi/seckey.c ---- ./lib/cryptohi/seckey.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/cryptohi/seckey.c 2022-06-21 09:16:23.917905021 -0700 -@@ -14,6 +14,7 @@ - #include "secdig.h" - #include "prtime.h" - #include "keyi.h" -+#include "nss.h" - - SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) - SEC_ASN1_MKSUB(SEC_IntegerTemplate) -@@ -1042,6 +1043,62 @@ SECKEY_PublicKeyStrengthInBits(const SEC - return bitSize; - } - -+unsigned -+SECKEY_PrivateKeyStrengthInBits(const SECKEYPrivateKey *privk) -+{ -+ unsigned bitSize = 0; -+ CK_ATTRIBUTE_TYPE attribute = CKT_INVALID_TYPE; -+ SECItem params; -+ SECStatus rv; -+ -+ if (!privk) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ -+ /* interpret modulus length as key strength */ -+ switch (privk->keyType) { -+ case rsaKey: -+ case rsaPssKey: -+ case rsaOaepKey: -+ /* some tokens don't export CKA_MODULUS on the private key, -+ * PK11_SignatureLen works around this if necessary */ -+ bitSize = PK11_SignatureLen((SECKEYPrivateKey *)privk) * PR_BITS_PER_BYTE; -+ if (bitSize == -1) { -+ bitSize = 0; -+ } -+ return bitSize; -+ case dsaKey: -+ case fortezzaKey: -+ case dhKey: -+ case keaKey: -+ attribute = CKA_PRIME; -+ break; -+ case ecKey: -+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, -+ CKA_EC_PARAMS, NULL, ¶ms); -+ if ((rv != SECSuccess) || (params.data == NULL)) { -+ return 0; -+ } -+ bitSize = SECKEY_ECParamsToKeySize(¶ms); -+ PORT_Free(params.data); -+ return bitSize; -+ default: -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ PORT_Assert(attribute != CKT_INVALID_TYPE); -+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, -+ attribute, NULL, ¶ms); -+ if ((rv != SECSuccess) || (params.data == NULL)) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ bitSize = SECKEY_BigIntegerBitLength(¶ms); -+ PORT_Free(params.data); -+ return bitSize; -+} -+ - /* returns signature length in bytes (not bits) */ - unsigned - SECKEY_SignatureLen(const SECKEYPublicKey *pubk) -@@ -1212,6 +1269,51 @@ SECKEY_CopyPublicKey(const SECKEYPublicK - } - - /* -+ * Check that a given key meets the policy limits for the given key -+ * size. -+ */ -+SECStatus -+seckey_EnforceKeySize(KeyType keyType, unsigned keyLength, SECErrorCodes error) -+{ -+ PRInt32 opt = -1; -+ PRInt32 optVal; -+ SECStatus rv; -+ -+ switch (keyType) { -+ case rsaKey: -+ case rsaPssKey: -+ case rsaOaepKey: -+ opt = NSS_RSA_MIN_KEY_SIZE; -+ break; -+ case dsaKey: -+ case fortezzaKey: -+ opt = NSS_DSA_MIN_KEY_SIZE; -+ break; -+ case dhKey: -+ case keaKey: -+ opt = NSS_DH_MIN_KEY_SIZE; -+ break; -+ case ecKey: -+ opt = NSS_ECC_MIN_KEY_SIZE; -+ break; -+ case nullKey: -+ default: -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return SECFailure; -+ } -+ PORT_Assert(opt != -1); -+ rv = NSS_OptionGet(opt, &optVal); -+ if (rv != SECSuccess) { -+ return rv; -+ } -+ if (optVal < keyLength) { -+ PORT_SetError(error); -+ return SECFailure; -+ } -+ return SECSuccess; -+} -+ -+/* - * Use the private key to find a public key handle. The handle will be on - * the same slot as the private key. - */ -diff -up ./lib/cryptohi/secsign.c.signature-policy ./lib/cryptohi/secsign.c ---- ./lib/cryptohi/secsign.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/cryptohi/secsign.c 2022-06-21 09:16:23.917905021 -0700 -@@ -15,6 +15,7 @@ - #include "pk11func.h" - #include "secerr.h" - #include "keyi.h" -+#include "nss.h" - - struct SGNContextStr { - SECOidTag signalg; -@@ -32,6 +33,7 @@ sgn_NewContext(SECOidTag alg, SECItem *p - SECOidTag hashalg, signalg; - KeyType keyType; - PRUint32 policyFlags; -+ PRInt32 optFlags; - SECStatus rv; - - /* OK, map a PKCS #7 hash and encrypt algorithm into -@@ -56,6 +58,16 @@ sgn_NewContext(SECOidTag alg, SECItem *p - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return NULL; - } -+ if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { -+ if (optFlags & NSS_KEY_SIZE_POLICY_SIGN_FLAG) { -+ rv = seckey_EnforceKeySize(key->keyType, -+ SECKEY_PrivateKeyStrengthInBits(key), -+ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); -+ if (rv != SECSuccess) { -+ return NULL; -+ } -+ } -+ } - /* check the policy on the hash algorithm */ - if ((NSS_GetAlgorithmPolicy(hashalg, &policyFlags) == SECFailure) || - !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { -@@ -467,9 +479,20 @@ SGN_Digest(SECKEYPrivateKey *privKey, - SGNDigestInfo *di = 0; - SECOidTag enctag; - PRUint32 policyFlags; -+ PRInt32 optFlags; - - result->data = 0; - -+ if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { -+ if (optFlags & NSS_KEY_SIZE_POLICY_SIGN_FLAG) { -+ rv = seckey_EnforceKeySize(privKey->keyType, -+ SECKEY_PrivateKeyStrengthInBits(privKey), -+ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); -+ if (rv != SECSuccess) { -+ return SECFailure; -+ } -+ } -+ } - /* check the policy on the hash algorithm */ - if ((NSS_GetAlgorithmPolicy(algtag, &policyFlags) == SECFailure) || - !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { -diff -up ./lib/cryptohi/secvfy.c.signature-policy ./lib/cryptohi/secvfy.c ---- ./lib/cryptohi/secvfy.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/cryptohi/secvfy.c 2022-06-21 09:16:23.918905028 -0700 -@@ -16,6 +16,7 @@ - #include "secdig.h" - #include "secerr.h" - #include "keyi.h" -+#include "nss.h" - - /* - ** Recover the DigestInfo from an RSA PKCS#1 signature. -@@ -467,6 +468,7 @@ vfy_CreateContext(const SECKEYPublicKey - unsigned int sigLen; - KeyType type; - PRUint32 policyFlags; -+ PRInt32 optFlags; - - /* make sure the encryption algorithm matches the key type */ - /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */ -@@ -476,7 +478,16 @@ vfy_CreateContext(const SECKEYPublicKey - PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH); - return NULL; - } -- -+ if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) != SECFailure) { -+ if (optFlags & NSS_KEY_SIZE_POLICY_VERIFY_FLAG) { -+ rv = seckey_EnforceKeySize(key->keyType, -+ SECKEY_PublicKeyStrengthInBits(key), -+ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED); -+ if (rv != SECSuccess) { -+ return NULL; -+ } -+ } -+ } - /* check the policy on the encryption algorithm */ - if ((NSS_GetAlgorithmPolicy(encAlg, &policyFlags) == SECFailure) || - !(policyFlags & NSS_USE_ALG_IN_ANY_SIGNATURE)) { -diff -up ./lib/freebl/blapit.h.signature-policy ./lib/freebl/blapit.h ---- ./lib/freebl/blapit.h.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/freebl/blapit.h 2022-06-21 09:16:23.918905028 -0700 -@@ -135,7 +135,7 @@ typedef int __BLAPI_DEPRECATED __attribu - * These values come from the initial key size limits from the PKCS #11 - * module. They may be arbitrarily adjusted to any value freebl supports. - */ --#define RSA_MIN_MODULUS_BITS 128 -+#define RSA_MIN_MODULUS_BITS 1023 /* 128 */ - #define RSA_MAX_MODULUS_BITS 16384 - #define RSA_MAX_EXPONENT_BITS 64 - #define DH_MIN_P_BITS 128 -diff -up ./lib/nss/nss.h.signature-policy ./lib/nss/nss.h ---- ./lib/nss/nss.h.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/nss/nss.h 2022-06-21 09:16:23.918905028 -0700 -@@ -302,6 +302,28 @@ SECStatus NSS_UnregisterShutdown(NSS_Shu - #define NSS_DEFAULT_LOCKS 0x00d /* lock default values */ - #define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */ - -+/* NSS_KEY_SIZE_POLICY controls what kinds of operations are subject to -+ * the NSS_XXX_MIN_KEY_SIZE values. -+ * NSS_KEY_SIZE_POLICY_FLAGS sets and clears all the flags to the input -+ * value -+ * On get it returns all the flags -+ * NSS_KEY_SIZE_POLICY_SET_FLAGS sets only the flags=1 in theinput value and -+ * does not affect the other flags -+ * On get it returns all the flags -+ * NSS_KEY_SIZE_POLICY_CLEAR_FLAGS clears only the flags=1 in the input -+ * value and does not affect the other flags -+ * On get it returns all the compliment of all the flags -+ * (cleared flags == 1) */ -+#define NSS_KEY_SIZE_POLICY_FLAGS 0x00e -+#define NSS_KEY_SIZE_POLICY_SET_FLAGS 0x00f -+#define NSS_KEY_SIZE_POLICY_CLEAR_FLAGS 0x010 -+/* currently defined flags */ -+#define NSS_KEY_SIZE_POLICY_SSL_FLAG 1 -+#define NSS_KEY_SIZE_POLICY_VERIFY_FLAG 2 -+#define NSS_KEY_SIZE_POLICY_SIGN_FLAG 4 -+ -+#define NSS_ECC_MIN_KEY_SIZE 0x011 -+ - /* - * Set and get global options for the NSS library. - */ -diff -up ./lib/nss/nssoptions.c.signature-policy ./lib/nss/nssoptions.c ---- ./lib/nss/nssoptions.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/nss/nssoptions.c 2022-06-21 09:16:23.918905028 -0700 -@@ -26,6 +26,8 @@ struct nssOps { - PRInt32 dtlsVersionMaxPolicy; - PRInt32 pkcs12DecodeForceUnicode; - PRInt32 defaultLocks; -+ PRInt32 keySizePolicyFlags; -+ PRInt32 eccMinKeySize; - }; - - static struct nssOps nss_ops = { -@@ -37,7 +39,9 @@ static struct nssOps nss_ops = { - 1, - 0xffff, - PR_FALSE, -- 0 -+ 0, -+ NSS_KEY_SIZE_POLICY_SSL_FLAG, -+ SSL_ECC_MIN_CURVE_BITS - }; - - SECStatus -@@ -78,6 +82,18 @@ NSS_OptionSet(PRInt32 which, PRInt32 val - case NSS_DEFAULT_LOCKS: - nss_ops.defaultLocks = value; - break; -+ case NSS_KEY_SIZE_POLICY_FLAGS: -+ nss_ops.keySizePolicyFlags = value; -+ break; -+ case NSS_KEY_SIZE_POLICY_SET_FLAGS: -+ nss_ops.keySizePolicyFlags |= value; -+ break; -+ case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: -+ nss_ops.keySizePolicyFlags &= ~value; -+ break; -+ case NSS_ECC_MIN_KEY_SIZE: -+ nss_ops.eccMinKeySize = value; -+ break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; -@@ -119,6 +135,16 @@ NSS_OptionGet(PRInt32 which, PRInt32 *va - case NSS_DEFAULT_LOCKS: - *value = nss_ops.defaultLocks; - break; -+ case NSS_KEY_SIZE_POLICY_FLAGS: -+ case NSS_KEY_SIZE_POLICY_SET_FLAGS: -+ *value = nss_ops.keySizePolicyFlags; -+ break; -+ case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: -+ *value = ~nss_ops.keySizePolicyFlags; -+ break; -+ case NSS_ECC_MIN_KEY_SIZE: -+ *value = nss_ops.eccMinKeySize; -+ break; - default: - rv = SECFailure; - } -diff -up ./lib/nss/nssoptions.h.signature-policy ./lib/nss/nssoptions.h ---- ./lib/nss/nssoptions.h.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/nss/nssoptions.h 2022-06-21 09:16:23.918905028 -0700 -@@ -18,3 +18,5 @@ - * happens because NSS used to count bit lengths incorrectly. */ - #define SSL_DH_MIN_P_BITS 1023 - #define SSL_DSA_MIN_P_BITS 1023 -+/* not really used by SSL, but define it here for consistency */ -+#define SSL_ECC_MIN_CURVE_BITS 256 -diff -up ./lib/pk11wrap/pk11kea.c.signature-policy ./lib/pk11wrap/pk11kea.c ---- ./lib/pk11wrap/pk11kea.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/pk11wrap/pk11kea.c 2022-06-21 09:16:23.918905028 -0700 -@@ -78,15 +78,14 @@ pk11_KeyExchange(PK11SlotInfo *slot, CK_ - if (privKeyHandle == CK_INVALID_HANDLE) { - PK11RSAGenParams rsaParams; - -- if (symKeyLength > 53) /* bytes */ { -- /* we'd have to generate an RSA key pair > 512 bits long, -+ if (symKeyLength > 120) /* bytes */ { -+ /* we'd have to generate an RSA key pair > 1024 bits long, - ** and that's too costly. Don't even try. - */ - PORT_SetError(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY); - goto rsa_failed; - } -- rsaParams.keySizeInBits = -- (symKeyLength > 21 || symKeyLength == 0) ? 512 : 256; -+ rsaParams.keySizeInBits = 1024; - rsaParams.pe = 0x10001; - privKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, - &rsaParams, &pubKey, PR_FALSE, PR_TRUE, symKey->cx); -diff -up ./lib/pk11wrap/pk11pars.c.signature-policy ./lib/pk11wrap/pk11pars.c ---- ./lib/pk11wrap/pk11pars.c.signature-policy 2022-06-21 09:16:23.898904900 -0700 -+++ ./lib/pk11wrap/pk11pars.c 2022-06-21 09:16:23.918905028 -0700 -@@ -430,12 +430,21 @@ static const optionFreeDef sslOptList[] - { CIPHER_NAME("DTLS1.3"), 0x304 }, - }; - -+static const optionFreeDef keySizeFlagsList[] = { -+ { CIPHER_NAME("KEY-SIZE-SSL"), NSS_KEY_SIZE_POLICY_SSL_FLAG }, -+ { CIPHER_NAME("KEY-SIZE-SIGN"), NSS_KEY_SIZE_POLICY_SIGN_FLAG }, -+ { CIPHER_NAME("KEY-SIZE-VERIFY"), NSS_KEY_SIZE_POLICY_VERIFY_FLAG }, -+}; -+ - static const optionFreeDef freeOptList[] = { - - /* Restrictions for asymetric keys */ - { CIPHER_NAME("RSA-MIN"), NSS_RSA_MIN_KEY_SIZE }, - { CIPHER_NAME("DH-MIN"), NSS_DH_MIN_KEY_SIZE }, - { CIPHER_NAME("DSA-MIN"), NSS_DSA_MIN_KEY_SIZE }, -+ { CIPHER_NAME("ECC-MIN"), NSS_ECC_MIN_KEY_SIZE }, -+ /* what operations doe the key size apply to */ -+ { CIPHER_NAME("KEY-SIZE-FLAGS"), NSS_KEY_SIZE_POLICY_FLAGS }, - /* constraints on SSL Protocols */ - { CIPHER_NAME("TLS-VERSION-MIN"), NSS_TLS_VERSION_MIN_POLICY }, - { CIPHER_NAME("TLS-VERSION-MAX"), NSS_TLS_VERSION_MAX_POLICY }, -@@ -543,6 +552,7 @@ secmod_getPolicyOptValue(const char *pol - *result = val; - return SECSuccess; - } -+ /* handle any ssl strings */ - for (i = 0; i < PR_ARRAY_SIZE(sslOptList); i++) { - if (policyValueLength == sslOptList[i].name_size && - PORT_Strncasecmp(sslOptList[i].name, policyValue, -@@ -551,7 +561,29 @@ secmod_getPolicyOptValue(const char *pol - return SECSuccess; - } - } -- return SECFailure; -+ /* handle key_size flags. Each flag represents a bit, which -+ * gets or'd together. They can be separated by , | or + */ -+ val = 0; -+ while (*policyValue) { -+ PRBool found = PR_FALSE; -+ for (i = 0; i < PR_ARRAY_SIZE(keySizeFlagsList); i++) { -+ if (PORT_Strncasecmp(keySizeFlagsList[i].name, policyValue, -+ keySizeFlagsList[i].name_size) == 0) { -+ val |= keySizeFlagsList[i].option; -+ found = PR_TRUE; -+ policyValue += keySizeFlagsList[i].name_size; -+ break; -+ } -+ } -+ if (!found) { -+ return SECFailure; -+ } -+ if (*policyValue == ',' || *policyValue == '|' || *policyValue == '+') { -+ policyValue++; -+ } -+ } -+ *result = val; -+ return SECSuccess; - } - - /* Policy operations: -diff -up ./lib/ssl/ssl3con.c.signature-policy ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/ssl/ssl3con.c 2022-06-21 09:16:23.920905040 -0700 -@@ -7409,6 +7409,8 @@ ssl_HandleDHServerKeyExchange(sslSocket - unsigned dh_p_bits; - unsigned dh_g_bits; - PRInt32 minDH; -+ PRInt32 optval; -+ PRBool usePolicyLength = PR_FALSE; - - SSL3Hashes hashes; - SECItem signature = { siBuffer, NULL, 0 }; -@@ -7419,8 +7421,13 @@ ssl_HandleDHServerKeyExchange(sslSocket - if (rv != SECSuccess) { - goto loser; /* malformed. */ - } -+ rv = NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optval); -+ if (rv == SECSuccess) { -+ usePolicyLength = (PRBool)((optval & NSS_KEY_SIZE_POLICY_SSL_FLAG) == NSS_KEY_SIZE_POLICY_SSL_FLAG); -+ } - -- rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); -+ rv = usePolicyLength ? NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH) -+ : SECFailure; - if (rv != SECSuccess || minDH <= 0) { - minDH = SSL_DH_MIN_P_BITS; - } -@@ -11411,13 +11418,20 @@ ssl_SetAuthKeyBits(sslSocket *ss, const - SECStatus rv; - PRUint32 minKey; - PRInt32 optval; -+ PRBool usePolicyLength = PR_TRUE; -+ -+ rv = NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optval); -+ if (rv == SECSuccess) { -+ usePolicyLength = (PRBool)((optval & NSS_KEY_SIZE_POLICY_SSL_FLAG) == NSS_KEY_SIZE_POLICY_SSL_FLAG); -+ } - - ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); - switch (SECKEY_GetPublicKeyType(pubKey)) { - case rsaKey: - case rsaPssKey: - case rsaOaepKey: -- rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval); -+ rv = usePolicyLength ? NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval) -+ : SECFailure; - if (rv == SECSuccess && optval > 0) { - minKey = (PRUint32)optval; - } else { -@@ -11426,7 +11440,8 @@ ssl_SetAuthKeyBits(sslSocket *ss, const - break; - - case dsaKey: -- rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval); -+ rv = usePolicyLength ? NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval) -+ : SECFailure; - if (rv == SECSuccess && optval > 0) { - minKey = (PRUint32)optval; - } else { -@@ -11435,7 +11450,8 @@ ssl_SetAuthKeyBits(sslSocket *ss, const - break; - - case dhKey: -- rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval); -+ rv = usePolicyLength ? NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval) -+ : SECFailure; - if (rv == SECSuccess && optval > 0) { - minKey = (PRUint32)optval; - } else { -@@ -11444,9 +11460,15 @@ ssl_SetAuthKeyBits(sslSocket *ss, const - break; - - case ecKey: -- /* Don't check EC strength here on the understanding that we only -- * support curves we like. */ -- minKey = ss->sec.authKeyBits; -+ rv = usePolicyLength ? NSS_OptionGet(NSS_ECC_MIN_KEY_SIZE, &optval) -+ : SECFailure; -+ if (rv == SECSuccess && optval > 0) { -+ minKey = (PRUint32)optval; -+ } else { -+ /* Don't check EC strength here on the understanding that we -+ * only support curves we like. */ -+ minKey = ss->sec.authKeyBits; -+ } - break; - - default: -diff -up ./tests/policy/crypto-policy.txt.signature-policy ./tests/policy/crypto-policy.txt ---- ./tests/policy/crypto-policy.txt.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./tests/policy/crypto-policy.txt 2022-06-21 09:16:23.920905040 -0700 -@@ -6,6 +6,8 @@ - 0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy - 0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy - 0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy -+0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072:KEY-SIZE-FLAGS=KEY-SIZE-SSL,KEY-SIZE-SIGN,KEY-SIZE-VERIFY NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Valid key size -+2 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072:KEY-SIZE-FLAGS=UNKNOWN,KEY-SIZE-SIGN,KEY-SIZE-VERIFY NSS-POLICY-FAIL.*unknown.* Invalid key size - 2 disallow=ALL_allow=dtls-version-min=:dtls-version-max= NSS-POLICY-FAIL Missing value - 2 disallow=ALL_allow=RSA-MIN=whatever NSS-POLICY-FAIL Invalid value - 2 disallow=ALL_allow=flower NSS-POLICY-FAIL Invalid identifier -diff -up ./tests/ssl/sslpolicy.txt.signature-policy ./tests/ssl/sslpolicy.txt ---- ./tests/ssl/sslpolicy.txt.signature-policy 2022-05-26 02:54:33.000000000 -0700 -+++ ./tests/ssl/sslpolicy.txt 2022-06-21 09:16:23.920905040 -0700 -@@ -194,6 +194,10 @@ - 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly - 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly - 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly -+ 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-verify Restrict RSA keys on signature verification -+ 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-sign Restrict RSA keys on signing -+ 1 noECC SSL3 d allow=rsa-min=16384:key-size-flags=key-size-ssl Restrict RSA keys when used in SSL -+ 0 noECC SSL3 d allow=rsa-min=1023 Restrict RSA keys when used in SSL - # test default settings - # NOTE: tstclient will attempt to overide the defaults, so we detect we - # were successful by locking in our settings diff --git a/nss-3.79-rsa-pss-salt-fips.patch b/nss-3.79-rsa-pss-salt-fips.patch deleted file mode 100644 index 660ecbc..0000000 --- a/nss-3.79-rsa-pss-salt-fips.patch +++ /dev/null @@ -1,397 +0,0 @@ -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -232,57 +232,26 @@ NSC_DestroyObject(CK_SESSION_HANDLE hSes - * be in the data base. - */ - status = sftk_FreeObject(object); - - return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR; - } - - /* -- ************** Crypto Functions: Utilities ************************ -- */ --/* -- * Utility function for converting PSS/OAEP parameter types into -- * HASH_HashTypes. Note: Only SHA family functions are defined in RFC 3447. -- */ --static HASH_HashType --GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) --{ -- switch (mech) { -- case CKM_SHA_1: -- case CKG_MGF1_SHA1: -- return HASH_AlgSHA1; -- case CKM_SHA224: -- case CKG_MGF1_SHA224: -- return HASH_AlgSHA224; -- case CKM_SHA256: -- case CKG_MGF1_SHA256: -- return HASH_AlgSHA256; -- case CKM_SHA384: -- case CKG_MGF1_SHA384: -- return HASH_AlgSHA384; -- case CKM_SHA512: -- case CKG_MGF1_SHA512: -- return HASH_AlgSHA512; -- default: -- return HASH_AlgNULL; -- } --} -- --/* - * Returns true if "params" contains a valid set of PSS parameters - */ - static PRBool - sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params) - { - if (!params) { - return PR_FALSE; - } -- if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL || -- GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) { -+ if (sftk_GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL || -+ sftk_GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) { - return PR_FALSE; - } - return PR_TRUE; - } - - /* - * Returns true if "params" contains a valid set of OAEP parameters - */ -@@ -293,18 +262,18 @@ sftk_ValidateOaepParams(const CK_RSA_PKC - return PR_FALSE; - } - /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which - * state: - * If the parameter is empty, pSourceData must be NULL and - * ulSourceDataLen must be zero. - */ - if (params->source != CKZ_DATA_SPECIFIED || -- (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) || -- (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) || -+ (sftk_GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) || -+ (sftk_GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) || - (params->ulSourceDataLen == 0 && params->pSourceData != NULL) || - (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) { - return PR_FALSE; - } - return PR_TRUE; - } - - /* -@@ -606,18 +575,18 @@ sftk_RSAEncryptOAEP(SFTKOAEPInfo *info, - HASH_HashType maskHashAlg; - - PORT_Assert(info->key.pub->keyType == NSSLOWKEYRSAKey); - if (info->key.pub->keyType != NSSLOWKEYRSAKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } - -- hashAlg = GetHashTypeFromMechanism(info->params.hashAlg); -- maskHashAlg = GetHashTypeFromMechanism(info->params.mgf); -+ hashAlg = sftk_GetHashTypeFromMechanism(info->params.hashAlg); -+ maskHashAlg = sftk_GetHashTypeFromMechanism(info->params.mgf); - - return RSA_EncryptOAEP(&info->key.pub->u.rsa, hashAlg, maskHashAlg, - (const unsigned char *)info->params.pSourceData, - info->params.ulSourceDataLen, NULL, 0, - output, outputLen, maxLen, input, inputLen); - } - - static SECStatus -@@ -630,18 +599,18 @@ sftk_RSADecryptOAEP(SFTKOAEPInfo *info, - HASH_HashType maskHashAlg; - - PORT_Assert(info->key.priv->keyType == NSSLOWKEYRSAKey); - if (info->key.priv->keyType != NSSLOWKEYRSAKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } - -- hashAlg = GetHashTypeFromMechanism(info->params.hashAlg); -- maskHashAlg = GetHashTypeFromMechanism(info->params.mgf); -+ hashAlg = sftk_GetHashTypeFromMechanism(info->params.hashAlg); -+ maskHashAlg = sftk_GetHashTypeFromMechanism(info->params.mgf); - - rv = RSA_DecryptOAEP(&info->key.priv->u.rsa, hashAlg, maskHashAlg, - (const unsigned char *)info->params.pSourceData, - info->params.ulSourceDataLen, - output, outputLen, maxLen, input, inputLen); - if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { - sftk_fatalError = PR_TRUE; - } -@@ -2646,18 +2615,18 @@ sftk_RSASignPSS(SFTKPSSSignInfo *info, u - CK_RSA_PKCS_PSS_PARAMS *params = &info->params; - - PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); - if (info->key->keyType != NSSLOWKEYRSAKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } - -- hashAlg = GetHashTypeFromMechanism(params->hashAlg); -- maskHashAlg = GetHashTypeFromMechanism(params->mgf); -+ hashAlg = sftk_GetHashTypeFromMechanism(params->hashAlg); -+ maskHashAlg = sftk_GetHashTypeFromMechanism(params->mgf); - - rv = RSA_SignPSS(&info->key->u.rsa, hashAlg, maskHashAlg, NULL, - params->sLen, sig, sigLen, maxLen, hash, hashLen); - if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { - sftk_fatalError = PR_TRUE; - } - return rv; - } -@@ -3021,17 +2990,17 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, - tlsPrfHash = HASH_AlgNULL; - if (tls12_mac_params->ulMacLength != 12) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else { - /* The hash function for the TLS 1.2 PRF */ - tlsPrfHash = -- GetHashTypeFromMechanism(tls12_mac_params->prfHashMechanism); -+ sftk_GetHashTypeFromMechanism(tls12_mac_params->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL || - tls12_mac_params->ulMacLength < 12) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } - if (tls12_mac_params->ulServerOrClient == 1) { - label = "server finished"; -@@ -3539,18 +3508,18 @@ sftk_RSACheckSignPSS(SFTKPSSVerifyInfo * - CK_RSA_PKCS_PSS_PARAMS *params = &info->params; - - PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey); - if (info->key->keyType != NSSLOWKEYRSAKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } - -- hashAlg = GetHashTypeFromMechanism(params->hashAlg); -- maskHashAlg = GetHashTypeFromMechanism(params->mgf); -+ hashAlg = sftk_GetHashTypeFromMechanism(params->hashAlg); -+ maskHashAlg = sftk_GetHashTypeFromMechanism(params->mgf); - - return RSA_CheckSignPSS(&info->key->u.rsa, hashAlg, maskHashAlg, - params->sLen, sig, sigLen, digest, digestLen); - } - - /* NSC_VerifyInit initializes a verification operation, - * where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature (e.g. DSA) */ -@@ -6951,17 +6920,17 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_ - unsigned genLen = 0; - unsigned char hashbuf[HASH_LENGTH_MAX]; - unsigned char keyBlock[9 * SFTK_MAX_MAC_LENGTH]; - unsigned char *keyBlockAlloc = NULL; /* allocated keyBlock */ - unsigned char *keyBlockData = keyBlock; /* pointer to current keyBlock */ - const unsigned char *prk; /* psuedo-random key */ - CK_ULONG prkLen; - const unsigned char *okm; /* output keying material */ -- HASH_HashType hashType = GetHashTypeFromMechanism(params->prfHashMechanism); -+ HASH_HashType hashType = sftk_GetHashTypeFromMechanism(params->prfHashMechanism); - SFTKObject *saltKey = NULL; - CK_RV crv = CKR_OK; - - /* Spec says it should be the base hash, but also accept the HMAC */ - if (hashType == HASH_AlgNULL) { - hashType = sftk_HMACMechanismToHash(params->prfHashMechanism); - } - rawHash = HASH_GetRawHashObject(hashType); -@@ -7389,17 +7358,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || - (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { - if (BAD_PARAM_CAST(pMechanism, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS))) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = - (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)pMechanism->pParameter; -- tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism); -+ tlsPrfHash = sftk_GetHashTypeFromMechanism(tls12_master->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || - (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { - tlsPrfHash = HASH_AlgSHA256; - } -@@ -7607,17 +7576,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - break; - } - - status = TLS_PRF(&pms, "extended master secret", - &seed, &master, isFIPS); - } else { - const SECHashObject *hashObj; - -- tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism); -+ tlsPrfHash = sftk_GetHashTypeFromMechanism(ems_params->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - - hashObj = HASH_GetRawHashObject(tlsPrfHash); - if (seed.len != hashObj->length) { - crv = CKR_TEMPLATE_INCONSISTENT; -@@ -7665,17 +7634,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - - if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { - if (BAD_PARAM_CAST(pMechanism, sizeof(CK_TLS12_KEY_MAT_PARAMS))) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - CK_TLS12_KEY_MAT_PARAMS *tls12_keys = - (CK_TLS12_KEY_MAT_PARAMS *)pMechanism->pParameter; -- tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); -+ tlsPrfHash = sftk_GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { - tlsPrfHash = HASH_AlgSHA256; - } - -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -908,16 +908,19 @@ sftk_MACConstantTimeCtx *sftk_HMACConsta - sftk_MACConstantTimeCtx *sftk_SSLv3MACConstantTime_New( - CK_MECHANISM_PTR mech, SFTKObject *key); - void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len); - void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len); - void sftk_MACConstantTime_EndHash( - void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); - void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); - -+/* Crypto Utilities */ -+HASH_HashType sftk_GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech); -+ - /**************************************** - * implement TLS Pseudo Random Function (PRF) - */ - - extern CK_RV - sftk_TLSPRFInit(SFTKSessionContext *context, - SFTKObject *key, - CK_KEY_TYPE key_type, -diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c ---- a/lib/softoken/pkcs11u.c -+++ b/lib/softoken/pkcs11u.c -@@ -95,16 +95,17 @@ CK_RV - sftk_MapVerifyError(int error) - { - CK_RV crv = sftk_MapCryptError(error); - if (crv == CKR_DEVICE_ERROR) - crv = CKR_SIGNATURE_INVALID; - return crv; - } - -+ - /* - * ******************** Attribute Utilities ******************************* - */ - - /* - * create a new attribute with type, value, and length. Space is allocated - * to hold value. - */ -@@ -2243,17 +2244,49 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE - flags = CKF_MESSAGE_VERIFY; - break; - default: - break; - } - return flags; - } - -+/* -+ * ******************** Hash Utilities ************************** -+ */ -+/* -+ * Utility function for converting PSS/OAEP parameter types into -+ * HASH_HashTypes. Note: Only SHA family functions are defined in RFC 3447. -+ */ -+HASH_HashType -+sftk_GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) -+{ -+ switch (mech) { -+ case CKM_SHA_1: -+ case CKG_MGF1_SHA1: -+ return HASH_AlgSHA1; -+ case CKM_SHA224: -+ case CKG_MGF1_SHA224: -+ return HASH_AlgSHA224; -+ case CKM_SHA256: -+ case CKG_MGF1_SHA256: -+ return HASH_AlgSHA256; -+ case CKM_SHA384: -+ case CKG_MGF1_SHA384: -+ return HASH_AlgSHA384; -+ case CKM_SHA512: -+ case CKG_MGF1_SHA512: -+ return HASH_AlgSHA512; -+ default: -+ return HASH_AlgNULL; -+ } -+} -+ - #ifdef NSS_HAS_FIPS_INDICATORS -+/**************** FIPS Indicator Utilities *************************/ - /* sigh, we probably need a version of this in secutil so that both - * softoken and NSS can use it */ - static SECOidTag - sftk_quickGetECCCurveOid(SFTKObject *source) - { - SFTKAttribute *attribute = sftk_FindAttribute(source, CKA_EC_PARAMS); - unsigned char *encoded; - int len; -@@ -2379,16 +2412,39 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME - if (mech->ulParameterLen == 0) { - /* AEAD ciphers are only in FIPS mode if we are using the - * MESSAGE interface. This takes an empty parameter - * in the init function */ - return PR_TRUE; - } - return PR_FALSE; - } -+ case SFTKFIPSRSAPSS: { -+ /* PSS salt must not be greater than the length of the -+ * underlying hash. We verify that the underlying hash of the -+ * parameters matches Hash of the combined hash mechanisms, so -+ * we don't need to look at the specific PSS mechanism */ -+ CK_RSA_PKCS_PSS_PARAMS *pss = (CK_RSA_PKCS_PSS_PARAMS *) -+ mech->pParameter; -+ const SECHashObject *hashObj = NULL; -+ if (mech->ulParameterLen != sizeof(*pss)) { -+ return PR_FALSE; -+ } -+ /* we use the existing hash utilities to find the length of -+ * the hash */ -+ hashObj = HASH_GetRawHashObject(sftk_GetHashTypeFromMechanism( -+ pss->hashAlg)); -+ if (hashObj == NULL) { -+ return PR_FALSE; -+ } -+ if (pss->sLen > hashObj->length) { -+ return PR_FALSE; -+ } -+ return PR_TRUE; -+ } - default: - break; - } - /* if we didn't understand the special processing, mark it non-fips */ - return PR_FALSE; - } - #endif - diff --git a/nss-3.90-DisablingASM.patch b/nss-3.90-DisablingASM.patch new file mode 100644 index 0000000..7d1a17f --- /dev/null +++ b/nss-3.90-DisablingASM.patch @@ -0,0 +1,57 @@ +diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile +index 74e8e65..8995752 100644 +--- a/lib/freebl/Makefile ++++ b/lib/freebl/Makefile +@@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null + +@@ -3480,6 +3481,29 @@ ssl3_ComputeMasterSecretInt(sslSocket *s + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; + ++ /* if we are using TLS and we aren't using the extended master secret, ++ * and SEC_OID_TLS_REQUIRE_EMS policy is true, fail. The caller will ++ * send and alert (eventually). In the RSA Server case, the alert ++ * won't happen until Finish time because the upper level code ++ * can't tell a difference between this failure and an RSA decrypt ++ * failure, so it will proceed with a faux key */ ++ if (isTLS) { ++ PRUint32 policy; ++ SECStatus rv; ++ ++ /* first fetch the policy for this algorithm */ ++ rv = NSS_GetAlgorithmPolicy(SEC_OID_TLS_REQUIRE_EMS, &policy); ++ /* we only look at the policy if we can fetch it. */ ++ if (rv == SECSuccess) { ++ if (policy & NSS_USE_POLICY_IN_SSL) { ++ /* just set the error, we don't want to map any errors ++ * set by NSS_GetAlgorithmPolicy here */ ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); ++ return SECFailure; ++ } ++ } ++ } ++ + if (isTLS12) { + if (isDH) + master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; +diff -up ./lib/util/secoid.c.add_ems_policy ./lib/util/secoid.c +--- ./lib/util/secoid.c.add_ems_policy 2023-06-12 15:37:49.293905422 -0700 ++++ ./lib/util/secoid.c 2023-06-12 17:20:29.498142775 -0700 +@@ -1795,6 +1795,11 @@ const static SECOidData oids[SEC_OID_TOT + SEC_OID_EXT_KEY_USAGE_IPSEC_USER, + "IPsec User", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), ++ ++ /* this will change upstream. for now apps shouldn't use it */ ++ /* we need it for the policy code. */ ++ ODE(SEC_OID_PRIVATE_1, ++ "TLS Require EMS", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), + }; + + /* PRIVATE EXTENDED SECOID Table +@@ -2095,6 +2100,8 @@ SECOID_Init(void) + + /* turn off NSS_USE_POLICY_IN_SSL by default */ + xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL; ++ /* turn off TLS REQUIRE EMS by default */ ++ xOids[SEC_OID_PRIVATE_1].notPolicyFlags = ~0; + + envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT"); + if (envVal) +diff -up ./lib/util/secoidt.h.add_ems_policy ./lib/util/secoidt.h +--- ./lib/util/secoidt.h.add_ems_policy 2023-06-12 17:18:35.131938535 -0700 ++++ ./lib/util/secoidt.h 2023-06-12 17:21:49.675987022 -0700 +@@ -501,6 +501,9 @@ typedef enum { + SEC_OID_EXT_KEY_USAGE_IPSEC_END = 361, + SEC_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 362, + SEC_OID_EXT_KEY_USAGE_IPSEC_USER = 363, ++ /* this will change upstream. for now apps shouldn't use it */ ++ /* give it an obscure name here */ ++ SEC_OID_PRIVATE_1 = 372, + + SEC_OID_TOTAL + } SECOidTag; diff --git a/nss-3.90-disable-ech.patch b/nss-3.90-disable-ech.patch new file mode 100644 index 0000000..eee8c39 --- /dev/null +++ b/nss-3.90-disable-ech.patch @@ -0,0 +1,96 @@ +diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c +--- a/lib/ssl/sslsock.c ++++ b/lib/ssl/sslsock.c +@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f + } + PORT_Free(cursor); + } + } + + SECStatus + SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.enableTls13GreaseEch = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss || size == 0) { + return SECFailure; + } + ssl_Get1stHandshakeLock(ss); + ssl_GetSSL3HandshakeLock(ss); + + ss->ssl3.hs.greaseEchSize = size; + + ssl_ReleaseSSL3HandshakeLock(ss); + ssl_Release1stHandshakeLock(ss); + + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.enableTls13BackendEch = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled) + { ++#ifdef notdef + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + ss->opt.callExtensionWriterOnEchInner = enabled; + return SECSuccess; ++#else ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API); ++ return SECFailure; ++#endif + } + + SECStatus + SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled) + { + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; +diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn +--- ./gtests/ssl_gtest/manifest.mn.disable_ech 2023-06-21 19:02:02.160400997 +0200 ++++ ./gtests/ssl_gtest/manifest.mn 2023-06-21 19:02:18.226618324 +0200 +@@ -57,7 +57,6 @@ CPPSRCS = \ + tls_filter.cc \ + tls_protect.cc \ + tls_psk_unittest.cc \ +- tls_ech_unittest.cc \ + $(SSLKEYLOGFILE_FILES) \ + $(NULL) diff --git a/nss-fedora-btrf-sql-hack.patch b/nss-fedora-btrf-sql-hack.patch deleted file mode 100644 index db60cc2..0000000 --- a/nss-fedora-btrf-sql-hack.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up ./lib/softoken/sdb.c.orig ./lib/softoken/sdb.c ---- ./lib/softoken/sdb.c.orig 2020-12-11 22:49:26.961726193 -0500 -+++ ./lib/softoken/sdb.c 2020-12-11 23:01:30.739122494 -0500 -@@ -690,8 +690,14 @@ sdb_openDB(const char *name, sqlite3 **s - openFlags = SQLITE_OPEN_READONLY; - } else { - openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE; -+ /* btrfs and sqlite seem to incorrectly open readwrite. -+ * when the file is readonly explicitly reject that issue here */ -+ if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) { -+ return SQLITE_READONLY; -+ } - } - -+ - /* Requires SQLite 3.5.0 or newer. */ - sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL); - if (sqlerr != SQLITE_OK) { diff --git a/nss-signtool-format.patch b/nss-signtool-format.patch index 5f146f1..f81d35c 100644 --- a/nss-signtool-format.patch +++ b/nss-signtool-format.patch @@ -10,7 +10,7 @@ diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { -- sprintf(filename, "%s/%s", path, entry->name); +- snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); + if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) { + PR_CloseDir(dir); + return -1; @@ -29,7 +29,7 @@ diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c @@ -138,6 +138,12 @@ rm_dash_r(char *path) /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); + snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); + if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name +) >= sizeof(filename)) { + errorCount++; diff --git a/nss-turn-off-expired-ocsp-cert.patch b/nss-turn-off-expired-ocsp-cert.patch deleted file mode 100644 index dfbbb50..0000000 --- a/nss-turn-off-expired-ocsp-cert.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg ---- a/tests/chains/scenarios/nameconstraints.cfg -+++ b/tests/chains/scenarios/nameconstraints.cfg -@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x - verify NameConstraints.dcissallowed:x - result pass - - # Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem" - # - # This tests that a non server certificate (i.e. id-kp-serverAuth - # not present in EKU) does *NOT* have CN treated as dnsName for - # purposes of Name Constraints validation --verify NameConstraints.ocsp1:x -- usage 10 -- result pass -+#verify NameConstraints.ocsp1:x -+# usage 10 -+# result pass - diff --git a/nss.spec b/nss.spec index 91c098e..82c0743 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ -%global nss_version 3.79.0 -%global nspr_version 4.34.0 -%global baserelease 18 +%global nss_version 3.90.0 +%global nspr_version 4.35.0 +%global baserelease 1 %global nss_release %baserelease # NOTE: To avoid NVR clashes of nspr* packages: # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when @@ -156,31 +156,24 @@ Patch32: nss-disable-md5.patch Patch33: nss-no-dbm-man-page.patch %endif # not upstreamable patch... +# WARNING: Need to make this patch work before checking!!! $$$$@@@ Patch34: nss-3.71-fix-lto-gtests.patch # camellia pkcs12 docs. Patch35: nss-3.71-camellia-pkcs12-doc.patch # disable delegated credentials Patch36: nss-disable-dc.patch +# disable ech +Patch37: nss-3.90-disable-ech.patch # patches that expect to be upstreamed # https://bugzilla.mozilla.org/show_bug.cgi?id=1774659 Patch51: nss-3.79-dbtool.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1774657 -Patch52: nss-3.79-dont-verify-default.patch -# https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 -Patch53: nss-3.79-fix-client-cert-crash.patch # https://bugzilla.mozilla.org/show_bug.cgi?id=1767883 -Patch54: nss-3.79-rhel-9-fips-signature-policy.patch -Patch55: nss-3.79-enable-POST-rerun.patch -Patch56: nss-3.79-increase-pbe-cache.patch -Patch57: nss-3.79-pkcs12-fix-null-password.patch Patch58: nss-3.79-fips.patch -Patch60: nss-3.79-rsa-pss-salt-fips.patch Patch61: nss-3.79-fips-review.patches -# cve 2023-0767, remove on rebase to nss 3.88.1 or later -# https://bugzilla.mozilla.org/show_bug.cgi?id=1804640 -Patch70: cve-2023-0767.patch +# ems policy. needs to upstream +Patch70: nss-3.90-add-ems-policy.patch Patch100: nspr-config-pc.patch Patch101: nspr-gcc-atomics.patch @@ -188,6 +181,12 @@ Patch101: nspr-gcc-atomics.patch Patch110: nspr-4.34-fix-coverity-loop-issue.patch Patch120: nspr-4.34-server-passive.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 +# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 +Patch60: nss-3.90-DisablingASM.patch + + + # NSS reverse patches Patch300: nss-3.79-distrusted-certs.patch @@ -202,7 +201,7 @@ v3 certificates, and other security standards. %package tools Summary: Tools for the Network Security Services -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{nss_version}-%{nss_release} %description tools Network Security Services (NSS) is a set of libraries designed to @@ -219,7 +218,7 @@ Summary: System NSS Initialization # providing nss-system-init without version so that it can # be replaced by a better one, e.g. supplied by the os vendor Provides: nss-system-init -Requires: nss%{?_isa} = %{version}-%{release} +Requires: nss%{?_isa} = %{nss_version}-%{nss_release} Requires(post): coreutils, sed %description sysinit @@ -230,8 +229,8 @@ any system or user configured modules. %package devel Summary: Development libraries for Network Security Services -Provides: nss-static = %{version}-%{release} -Requires: nss%{?_isa} = %{version}-%{release} +Provides: nss-static = %{nss_version}-%{nss_release} +Requires: nss%{?_isa} = %{nss_version}-%{nss_release} Requires: nss-util-devel Requires: nss-softokn-devel Requires: nspr-devel >= %{nspr_version} @@ -244,9 +243,9 @@ Header and Library files for doing development with Network Security Services. %package pkcs11-devel Summary: Development libraries for PKCS #11 (Cryptoki) using NSS -Provides: nss-pkcs11-devel-static = %{version}-%{release} -Requires: nss-devel = %{version}-%{release} -Requires: nss-softokn-freebl-devel = %{version}-%{release} +Provides: nss-pkcs11-devel-static = %{nss_version}-%{nss_release} +Requires: nss-devel = %{nss_version}-%{nss_release} +Requires: nss-softokn-freebl-devel = %{nss_version}-%{nss_release} %description pkcs11-devel Library files for developing PKCS #11 modules using basic NSS @@ -262,7 +261,7 @@ Utilities for Network Security Services and the Softoken module %package util-devel Summary: Development libraries for Network Security Services Utilities -Requires: nss-util%{?_isa} = %{version}-%{release} +Requires: nss-util%{?_isa} = %{nss_version}-%{nss_release} Requires: nspr-devel >= %{nspr_version} Requires: pkgconfig @@ -273,8 +272,8 @@ Header and library files for doing development with Network Security Services. %package softokn Summary: Network Security Services Softoken Module Requires: nspr >= %{nspr_version} -Requires: nss-util >= %{version}-%{release} -Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release} +Requires: nss-util >= %{nss_version}-%{nss_release} +Requires: nss-softokn-freebl%{_isa} >= %{nss_version}-%{nss_release} %description softokn Network Security Services Softoken Cryptographic Module @@ -295,8 +294,8 @@ Install the nss-softokn-freebl package if you need the freebl library. %package softokn-freebl-devel Summary: Header and Library files for doing development with the Freebl library for NSS -Provides: nss-softokn-freebl-static = %{version}-%{release} -Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release} +Provides: nss-softokn-freebl-static = %{nss_version}-%{nss_release} +Requires: nss-softokn-freebl%{?_isa} = %{nss_version}-%{nss_release} %description softokn-freebl-devel NSS Softoken Cryptographic Module Freebl Library Development Tools @@ -307,10 +306,10 @@ Developers should rely only on the officially supported NSS public API. %package softokn-devel Summary: Development libraries for Network Security Services -Requires: nss-softokn%{?_isa} = %{version}-%{release} -Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release} +Requires: nss-softokn%{?_isa} = %{nss_version}-%{nss_release} +Requires: nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{nss_release} Requires: nspr-devel >= %{nspr_version} -Requires: nss-util-devel >= %{version}-%{release} +Requires: nss-util-devel >= %{nss_version}-%{nss_release} Requires: pkgconfig %description softokn-devel @@ -434,7 +433,7 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1 # FIPS related defines export NSS_FORCE_FIPS=1 -export NSS_FIPS_VERSION="%{name}\ %{version}-%{srpmhash}" +export NSS_FIPS_VERSION="%{name}\ %{nss_version}-%{srpmhash}" eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release | sed -e 's/ /\\ /g') export FIPS_MODULE_OS="$OS_NAME\ ${OS_VERSION_ID%%.*}" export NSS_FIPS_MODULE_ID="${FIPS_MODULE_OS}\ ${NSS_FIPS_VERSION}" @@ -1171,6 +1170,11 @@ update-crypto-policies &> /dev/null || : %changelog +* Mon Jun 12 2023 Bob Relyea - 3.90.0-1 +- Rebase to NSS-3.90 +- Rebase to NSPR-3.35 +- fix incorrect version values in the NSS spec file for FIPS + * Fri Mar 17 2023 Bob Relyea - 3.79.0-18 - fix memory leak, add generator test in FIPS mode. diff --git a/sources b/sources index a96c9b9..293e348 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 -SHA512 (nspr-4.34.tar.gz) = 4cfac886c14cf7df4c4b79fa1c3bc92e1b14260c9c3018fa2562060d62fecb4e66c0b4e8f7edf4f4823def784a919d99dde88a89674f0cd8a644310b0569ead4 -SHA512 (nss-3.79.tar.gz) = d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d +SHA512 (nspr-4.35.tar.gz) = 502815833116e25f79ddf71d1526484908aa92fbc55f8a892729cb404a4daafcc0470a89854cd080d2d20299fdb7d9662507c5362c7ae661cbacf308ac56ef7f +SHA512 (nss-3.90.tar.gz) = e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625