rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import nss-3.44.0-8.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-11-05 15:19:29 -05:00 committed by Andrew Lukoshko
commit a09480012a
36 changed files with 10886 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.gitignore vendored Normal file
View File

@ -0,0 +1,14 @@
SOURCES/blank-cert8.db
SOURCES/blank-cert9.db
SOURCES/blank-key3.db
SOURCES/blank-key4.db
SOURCES/blank-secmod.db
SOURCES/cert8.db.xml
SOURCES/cert9.db.xml
SOURCES/key3.db.xml
SOURCES/key4.db.xml
SOURCES/nss-3.44.tar.gz
SOURCES/nss-config.xml
SOURCES/nss-softokn-cavs-1.0.tar.gz
SOURCES/secmod.db.xml
SOURCES/setup-nsssysinit.xml

14
.nss.metadata Normal file
View File

@ -0,0 +1,14 @@
d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db
b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
f9c9568442386da370193474de1b25c3f68cdaf6 SOURCES/blank-key4.db
bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
6a43a6788fff0f2a967051209adbd354fad4c346 SOURCES/cert8.db.xml
ea6705e15999bdc6365f05b3d66f9c1d49677f84 SOURCES/cert9.db.xml
24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
44a83b1bf4efd27605177ecdbf217e579ae8c8ae SOURCES/nss-3.44.tar.gz
2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
d8a7f044570732caf4ed06fd44a63b3e86ea2a16 SOURCES/nss-softokn-cavs-1.0.tar.gz
ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
bcbe05281b38d843273f91ae3f9f19f70c7d97b3 SOURCES/setup-nsssysinit.xml

13
SOURCES/iquote.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
SQLITE_LIB_NAME = sqlite3
endif
+# Prefer in-tree headers over system headers
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
+endif
+
MK_LOCATION = included

560
SOURCES/nss-3.44-missing-softokn-kdf.patch Normal file
View File

@ -0,0 +1,560 @@
diff -up ./gtests/pk11_gtest/manifest.mn.missing_kdf ./gtests/pk11_gtest/manifest.mn
--- ./gtests/pk11_gtest/manifest.mn.missing_kdf 2019-08-08 10:22:53.072100034 -0700
+++ ./gtests/pk11_gtest/manifest.mn 2019-08-08 10:23:33.424061237 -0700
@@ -14,6 +14,7 @@ CPPSRCS = \
pk11_encrypt_derive_unittest.cc \
pk11_export_unittest.cc \
pk11_import_unittest.cc \
+ pk11_kdf_unittest.cc \
pk11_pbkdf2_unittest.cc \
pk11_prf_unittest.cc \
pk11_prng_unittest.cc \
diff -up ./gtests/pk11_gtest/pk11_gtest.gyp.missing_kdf ./gtests/pk11_gtest/pk11_gtest.gyp
--- ./gtests/pk11_gtest/pk11_gtest.gyp.missing_kdf 2019-08-08 10:23:13.298080588 -0700
+++ ./gtests/pk11_gtest/pk11_gtest.gyp 2019-08-08 10:23:49.728045561 -0700
@@ -19,6 +19,7 @@
'pk11_ecdsa_unittest.cc',
'pk11_encrypt_derive_unittest.cc',
'pk11_import_unittest.cc',
+ 'pk11_kdf_unittest.cc',
'pk11_pbkdf2_unittest.cc',
'pk11_prf_unittest.cc',
'pk11_prng_unittest.cc',
diff -up ./gtests/pk11_gtest/pk11_kdf_unittest.cc.missing_kdf ./gtests/pk11_gtest/pk11_kdf_unittest.cc
--- ./gtests/pk11_gtest/pk11_kdf_unittest.cc.missing_kdf 2019-08-07 14:23:28.657960569 -0700
+++ ./gtests/pk11_gtest/pk11_kdf_unittest.cc 2019-08-08 10:22:38.015114511 -0700
@@ -0,0 +1,509 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "cpputil.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+const size_t kGxySize = 256;
+const size_t kSeedSize = 8;
+const size_t kKeySize = 64;
+const size_t kLongKeySize = 1056;
+const size_t kAesXcbcLen = 16;
+const size_t kSha1Len = 20;
+const size_t kSha224Len = 28;
+const size_t kSha256Len = 32;
+const size_t kSha384Len = 48;
+const size_t kSha512Len = 64;
+
+// This is not the right size for anything
+const size_t kIncorrectSize = 17;
+
+const uint8_t kGxyData[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x21, 0x22, 0x23,
+ 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
+ 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
+ 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
+ 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
+ 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff};
+
+const uint8_t kKeyData[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0x3e, 0x3f};
+
+const uint8_t kSeed[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3};
+
+const uint8_t kExpectedOutputIkeSha256[] = {
+ 0xd3, 0x9d, 0xb2, 0x77, 0x4b, 0x7f, 0xea, 0x81, 0xfc, 0xe5, 0x22, 0xb7,
+ 0xdf, 0xa5, 0x65, 0x15, 0xc9, 0x8f, 0x89, 0x45, 0xda, 0xd9, 0x5d, 0x12,
+ 0xbb, 0x52, 0xb6, 0x3b, 0xf4, 0x4d, 0xaf, 0x16};
+
+const uint8_t kExpectedOutputIke1Sha256[] = {
+ 0x25, 0x45, 0x68, 0xd2, 0x98, 0x96, 0xa3, 0xda, 0x89, 0x76, 0x06, 0x01,
+ 0xd0, 0xce, 0xf8, 0x05, 0x26, 0x3f, 0xaf, 0x95, 0x92, 0x48, 0x02, 0x0e,
+ 0x39, 0x75, 0x94, 0x00, 0x22, 0xd8, 0x5a, 0x50};
+
+const uint8_t kExpectedOutputIkePlusSha256[] = {
+ 0x03, 0x1e, 0xe7, 0x13, 0x6e, 0x58, 0x11, 0xc4, 0x81, 0x56, 0x42, 0x3c,
+ 0x3c, 0xaa, 0xdb, 0xad, 0x8a, 0x84, 0xdc, 0xa3, 0x0f, 0xe7, 0x67, 0x55,
+ 0x9c, 0x9f, 0xb8, 0x57, 0xa9, 0x5b, 0x41, 0x53, 0x86, 0xe0, 0xb3, 0x21,
+ 0x08, 0x1b, 0x38, 0x24, 0xce, 0xef, 0x7c, 0x89, 0x0d, 0xa7, 0xae, 0x14,
+ 0x58, 0xbd, 0x79, 0x9c, 0x32, 0x25, 0x7f, 0x3e, 0xbd, 0xe1, 0xfb, 0x3a,
+ 0x38, 0x51, 0x05, 0xaa, 0xc8, 0x37, 0x3e, 0x4e, 0x9b, 0x70, 0xb8, 0xe2,
+ 0x21, 0xe7, 0x12, 0xb3, 0xf7, 0x64, 0x21, 0x9d, 0x52, 0x38, 0x41, 0xfb,
+ 0x54, 0xaf, 0x59, 0xc3, 0xab, 0xf3, 0x7f, 0x64, 0xee, 0x17, 0xf5, 0xa8,
+ 0x2b, 0xdf, 0x2d, 0xd3, 0x29, 0x0e, 0x4f, 0x31, 0x54, 0x25, 0x4e, 0x65,
+ 0x52, 0xdf, 0x66, 0xfd, 0x49, 0x85, 0x1f, 0x87, 0x71, 0xa1, 0x5c, 0xfa,
+ 0x99, 0xf5, 0x21, 0x9a, 0xbc, 0x55, 0x5b, 0x1c, 0x19, 0xd9, 0x4b, 0x42,
+ 0xc5, 0xa0, 0xed, 0x1a, 0x1e, 0xf0, 0x04, 0x52, 0xb3, 0xd0, 0x0f, 0x48,
+ 0x45, 0x00, 0xdc, 0x94, 0xae, 0xd8, 0x70, 0x2e, 0xdd, 0x12, 0xe1, 0x66,
+ 0x72, 0xc2, 0x39, 0xd2, 0xc6, 0xfa, 0xdd, 0x8c, 0x11, 0x9c, 0x9d, 0x60,
+ 0xd1, 0x08, 0x79, 0x62, 0xbb, 0x97, 0x45, 0x38, 0x2d, 0x83, 0x9c, 0x2e,
+ 0x8f, 0x88, 0xa3, 0xad, 0x5b, 0x8e, 0x4e, 0x0e, 0xdb, 0xee, 0xaf, 0x1d,
+ 0xf6, 0xe7, 0x7e, 0x28, 0xc5, 0xcf, 0x0c, 0xd9, 0xee, 0xde, 0xc8, 0x87,
+ 0x00, 0xfe, 0x02, 0xd8, 0x30, 0xa6, 0x68, 0xec, 0x51, 0x22, 0xac, 0x4c,
+ 0x38, 0x0f, 0xbb, 0x5c, 0xcb, 0xd5, 0x93, 0xda, 0xea, 0xd0, 0x1b, 0x41,
+ 0x85, 0x8d, 0x12, 0x56, 0xbb, 0x90, 0x62, 0xc9, 0x91, 0x62, 0xf8, 0x29,
+ 0x9a, 0x4f, 0xd8, 0x5e, 0x7d, 0x1f, 0x69, 0xe8, 0x23, 0x53, 0x26, 0x98,
+ 0x98, 0x88, 0xfa, 0x14, 0xdc, 0xa3, 0x0f, 0xc7, 0x58, 0xb2, 0x6d, 0xa5,
+ 0x34, 0x53, 0xb5, 0xc3, 0xcc, 0xbb, 0xd7, 0xd4, 0x80, 0xf3, 0x8c, 0x79,
+ 0xd2, 0xac, 0x12, 0xa5, 0xf9, 0x99, 0xe7, 0x1b, 0x46, 0x16, 0x02, 0x6a,
+ 0xa3, 0xc5, 0x20, 0xb5, 0x5a, 0x55, 0xbd, 0xac, 0x70, 0xf1, 0x5b, 0xe4,
+ 0x45, 0x12, 0x7e, 0xcf, 0x12, 0xbf, 0x53, 0x7e, 0x3d, 0xbe, 0x53, 0x77,
+ 0xc4, 0x2c, 0x17, 0x5f, 0xe5, 0xb9, 0x73, 0x01, 0x5d, 0x9b, 0x34, 0x3c,
+ 0x45, 0xf0, 0xa4, 0x91, 0xaf, 0x34, 0xa2, 0xd6, 0x0a, 0x14, 0x98, 0x2c,
+ 0x91, 0xd5, 0x8f, 0x12, 0xde, 0x7c, 0x61, 0xd8, 0x42, 0x07, 0x42, 0x1a,
+ 0x01, 0x2b, 0xf6, 0x54, 0xd1, 0xde, 0x6d, 0x9c, 0x8b, 0x51, 0x81, 0x3e,
+ 0x01, 0xd1, 0xfb, 0x5a, 0xcd, 0xf0, 0xeb, 0xcc, 0x03, 0xe2, 0xc1, 0x31,
+ 0x92, 0x11, 0x88, 0x1f, 0xec, 0x81, 0x07, 0x78, 0x89, 0x89, 0x29, 0x19,
+ 0x3f, 0x75, 0x01, 0x0e, 0x73, 0xbc, 0x1e, 0x76, 0x23, 0x80, 0x36, 0xaa,
+ 0x2a, 0xd0, 0x77, 0x57, 0x6a, 0xea, 0xe2, 0xdb, 0xed, 0x17, 0x79, 0x3d,
+ 0x8b, 0x8a, 0xbe, 0x32, 0x90, 0x2e, 0x1c, 0x00, 0xc2, 0x27, 0xb5, 0x64,
+ 0x7c, 0xc3, 0xca, 0xb8, 0xaf, 0xcb, 0x17, 0x29, 0xec, 0x00, 0x5b, 0x83,
+ 0x9f, 0xfe, 0x8b, 0xb6, 0x6f, 0x01, 0x23, 0x6b, 0xb3, 0xaa, 0x34, 0x3f,
+ 0x5c, 0x66, 0x7c, 0xec, 0x15, 0x5a, 0xa9, 0x3c, 0xe2, 0xef, 0xcb, 0xe5,
+ 0x79, 0xfa, 0xf2, 0x7c, 0x4e, 0x0f, 0x70, 0x41, 0xa4, 0x09, 0x07, 0x30,
+ 0xbd, 0x28, 0x3f, 0x30, 0xd3, 0xc2, 0xbd, 0x06, 0x5e, 0x21, 0xbd, 0x20,
+ 0xae, 0xa4, 0xa9, 0x7d, 0x91, 0xe8, 0x9d, 0x0a, 0x81, 0x02, 0xf7, 0xd6,
+ 0x7c, 0x1f, 0xb6, 0xa5, 0x40, 0xb6, 0x25, 0xac, 0xce, 0x77, 0x20, 0xfa,
+ 0x71, 0x79, 0x21, 0x94, 0xcd, 0x63, 0xcf, 0x62, 0xd4, 0xda, 0xc6, 0xe8,
+ 0x3c, 0xdb, 0x86, 0x1e, 0x8d, 0x2d, 0x12, 0xf6, 0xea, 0xb0, 0xed, 0xf8,
+ 0xfa, 0xc6, 0x37, 0xee, 0xca, 0x11, 0x1a, 0xac, 0x95, 0xf6, 0xe3, 0x02,
+ 0x97, 0xba, 0xb2, 0xb2, 0x02, 0x82, 0xbe, 0x32, 0xa3, 0xe8, 0xf4, 0xae,
+ 0x4e, 0xaf, 0x47, 0xb9, 0xe7, 0x91, 0x18, 0x90, 0xd8, 0xcb, 0x59, 0xed,
+ 0xc2, 0x47, 0x6d, 0xe1, 0x9d, 0x74, 0xe6, 0xc7, 0xc0, 0xdc, 0x82, 0x5b,
+ 0x6a, 0x7d, 0x1c, 0x58, 0xc8, 0x3d, 0x7d, 0xed, 0xdd, 0x60, 0x91, 0x9e,
+ 0x68, 0x6e, 0x56, 0x33, 0x8b, 0xca, 0x35, 0xf8, 0x96, 0x67, 0x22, 0x3a,
+ 0xb9, 0x02, 0xe9, 0x7c, 0xb1, 0xca, 0x25, 0xc2, 0xc8, 0xc7, 0xd8, 0x71,
+ 0xfa, 0xfa, 0x76, 0xeb, 0x1d, 0x52, 0x75, 0xc6, 0x56, 0xf3, 0x1a, 0xd3,
+ 0xda, 0xe4, 0x49, 0x7b, 0xd0, 0x77, 0x72, 0x06, 0xe7, 0xb9, 0xd9, 0x06,
+ 0x87, 0x43, 0x6a, 0x52, 0xee, 0x3a, 0x71, 0x6e, 0x51, 0x8d, 0x55, 0x7a,
+ 0xb1, 0x62, 0x75, 0xac, 0xa9, 0x89, 0x77, 0x93, 0x40, 0xef, 0x66, 0x44,
+ 0x08, 0x49, 0xbb, 0xdb, 0x85, 0x0b, 0xd3, 0xfa, 0x37, 0x27, 0x41, 0xd1,
+ 0x57, 0xc3, 0x95, 0xaa, 0x85, 0x5a, 0x43, 0x74, 0x39, 0x72, 0x08, 0xdf,
+ 0x58, 0xe1, 0xf7, 0x95, 0x6c, 0xc1, 0xb1, 0x9b, 0x21, 0x53, 0xc1, 0xf9,
+ 0xcc, 0x74, 0xf9, 0x62, 0xa4, 0xa0, 0x34, 0x22, 0xaa, 0x84, 0x78, 0x49,
+ 0x50, 0xa9, 0x8e, 0x7b, 0xfa, 0xaa, 0xc2, 0xe8, 0xae, 0x34, 0x3d, 0xa7,
+ 0xe1, 0x5a, 0x14, 0xa6, 0xd7, 0x6c, 0x67, 0xc7, 0x5e, 0xda, 0x79, 0x36,
+ 0x57, 0x85, 0x5e, 0x09, 0xa2, 0x1f, 0x96, 0x5a, 0x71, 0xc2, 0xfe, 0x57,
+ 0x5c, 0x4c, 0xe8, 0xbf, 0x9b, 0x5c, 0xd7, 0x06, 0x09, 0xb5, 0x63, 0x93,
+ 0x7e, 0xee, 0x65, 0xef, 0x88, 0xe1, 0x60, 0x3e, 0x50, 0x84, 0x39, 0xb9,
+ 0xae, 0xab, 0xad, 0xee, 0x31, 0x04, 0x7f, 0xed, 0x78, 0x35, 0xc0, 0x14,
+ 0xa6, 0xc3, 0xeb, 0x3c, 0xd7, 0xc3, 0xb3, 0x6b, 0x58, 0x63, 0x7e, 0xa8,
+ 0xc9, 0xb9, 0x23, 0xd3, 0xe5, 0xe7, 0xcc, 0x84, 0x63, 0xc8, 0xbd, 0x31,
+ 0x9f, 0x02, 0x4e, 0x74, 0x98, 0xba, 0x8a, 0x0c, 0x80, 0xab, 0x10, 0xc4,
+ 0xb2, 0x61, 0xad, 0x3d, 0x93, 0x9d, 0xdc, 0x76, 0xe5, 0x0e, 0x2e, 0x4b,
+ 0x81, 0x3b, 0x1f, 0xd3, 0x54, 0xc0, 0x2a, 0xde, 0x0e, 0x1d, 0x59, 0x31,
+ 0x5c, 0x28, 0xf8, 0x75, 0xfc, 0x71, 0x2e, 0xc1, 0x85, 0x90, 0x23, 0xfd,
+ 0x2e, 0x8b, 0xb9, 0x52, 0x1a, 0xdf, 0x61, 0x54, 0x9b, 0x43, 0xa6, 0x8d,
+ 0x5f, 0xd0, 0x52, 0x0b, 0x66, 0xbc, 0xf5, 0x1a, 0xce, 0x58, 0xef, 0xb3,
+ 0x1d, 0x8d, 0x4b, 0x1b, 0xf3, 0x8e, 0xe6, 0x68, 0xc3, 0xd5, 0x95, 0x42,
+ 0xf5, 0xb0, 0x73, 0x2c, 0x31, 0x71, 0x20, 0xf5, 0xdc, 0xbf, 0x56, 0x72,
+ 0x53, 0xf9, 0xfe, 0xfa, 0x19, 0xdc, 0x46, 0xd1, 0x2b, 0xe3, 0xdb, 0x50,
+ 0xec, 0x14, 0xee, 0x70, 0xcc, 0xe6, 0x11, 0x75, 0xb4, 0x63, 0xfc, 0xd1,
+ 0x8f, 0x54, 0xfa, 0xcc, 0x99, 0xcc, 0xb8, 0x61, 0xa7, 0x33, 0x18, 0xa2,
+ 0x17, 0xee, 0xb1, 0x82, 0x3d, 0x6a, 0x8d, 0x63, 0xe0, 0x15, 0x1b, 0x5c,
+ 0x20, 0x53, 0x33, 0xa7, 0x85, 0x17, 0x81, 0xba, 0x18, 0x2a, 0x73, 0x00,
+ 0x1e, 0x3e, 0x2c, 0xb5, 0x5f, 0x4e, 0x82, 0xa8, 0x09, 0xa0, 0x22, 0xdc,
+ 0xc4, 0x76, 0x7c, 0x66, 0xf4, 0x78, 0xa1, 0x0a, 0xf7, 0x39, 0x06, 0x0a,
+ 0xd7, 0x43, 0x72, 0x12, 0x3b, 0x8e, 0x7e, 0x62, 0x4f, 0x5a, 0x03, 0xe5,
+ 0x22, 0x97, 0xdc, 0xbb, 0xaa, 0xa2, 0xc0, 0x03, 0x8e, 0x60, 0xd1, 0x61,
+ 0xc7, 0xef, 0x0f, 0x54, 0x43, 0x4e, 0x38, 0xda, 0xb6, 0xe2, 0x5b, 0x0e,
+ 0x45, 0xae, 0x39, 0x86, 0x85, 0x25, 0x30, 0xb1, 0x9d, 0xda, 0xdb, 0x70,
+ 0xa7, 0xe5, 0x77, 0xb8, 0x47, 0xaa, 0xe7, 0x3e, 0xe8, 0x5a, 0x96, 0xc6,
+ 0x0a, 0x0b, 0x07, 0x8d, 0x6d, 0xeb, 0x80, 0x0c, 0xd9, 0x80, 0x2d, 0x4d};
+
+const uint8_t kExpectedOutputIkeAppBSha256[] = {
+ 0xe7, 0x11, 0x54, 0x6e, 0x3f, 0xaa, 0xd4, 0xc7, 0xc4, 0xaa, 0x75, 0x6b,
+ 0xc2, 0x6c, 0xad, 0x6a, 0xbe, 0xa8, 0x24, 0x19, 0x84, 0xa0, 0xf6, 0xb0,
+ 0x83, 0x9c, 0x70, 0xca, 0x61, 0xc4, 0xef, 0x88, 0xd7, 0xd5, 0xb7, 0x2e,
+ 0x45, 0x32, 0xe1, 0x1d, 0x12, 0x38, 0xfb, 0xcb, 0x08, 0x54, 0xc7, 0xdb,
+ 0xc4, 0x80, 0x2d, 0xd4, 0xf3, 0xbf, 0x51, 0x80, 0xf3, 0xa6, 0xdf, 0x77,
+ 0x51, 0x61, 0xd8, 0xdb, 0x98, 0x2c, 0xc2, 0xe6, 0x72, 0x36, 0x90, 0xf9,
+ 0xd2, 0x2a, 0x6d, 0x6c, 0xeb, 0x10, 0x3f, 0xa0, 0xa3, 0xff, 0xe4, 0x8b,
+ 0x5a, 0x4a, 0x1b, 0xec, 0xb0, 0x48, 0xb0, 0xed, 0x16, 0x8a, 0x89, 0x31,
+ 0x96, 0x5e, 0xa9, 0x11, 0x1f, 0x28, 0x68, 0x07, 0xf1, 0xa3, 0x2b, 0x01,
+ 0x4f, 0x0b, 0x73, 0x78, 0x3b, 0xca, 0x4f, 0x8f, 0x34, 0xc0, 0x21, 0x14,
+ 0xe3, 0xdf, 0xa1, 0xf7, 0x05, 0x63, 0xcb, 0x74, 0x7a, 0x90, 0x59, 0x19,
+ 0xc9, 0xa9, 0x47, 0xcf, 0xe7, 0xbe, 0x04, 0xa7, 0x0c, 0x32, 0xdd, 0x34,
+ 0x07, 0x8f, 0x4f, 0xb5, 0x75, 0xfb, 0xb9, 0x06, 0xd2, 0x55, 0x08, 0xce,
+ 0x0a, 0x47, 0xc2, 0x64, 0x5f, 0xd5, 0xab, 0x55, 0x2a, 0x1a, 0x7e, 0xbd,
+ 0xd5, 0x6d, 0x43, 0x89, 0x3c, 0x53, 0xde, 0x01, 0xfe, 0x19, 0x19, 0xc3,
+ 0xaf, 0xa0, 0x64, 0x2d, 0x7e, 0xe1, 0x7e, 0x31, 0x61, 0xf9, 0xe6, 0x4f,
+ 0x56, 0xc3, 0xc9, 0x7e, 0x92, 0xd7, 0x88, 0x58, 0x1a, 0x7f, 0x3c, 0x3e,
+ 0xae, 0x3f, 0x86, 0xec, 0xb2, 0xaa, 0x8b, 0xaf, 0x22, 0x49, 0xa5, 0x3d,
+ 0xc2, 0xb1, 0x94, 0x0f, 0x5b, 0x08, 0x49, 0xac, 0x23, 0xa4, 0x79, 0x33,
+ 0xde, 0xfb, 0x8b, 0xd3, 0xe6, 0x6c, 0x83, 0xce, 0x01, 0xc7, 0xb4, 0x23,
+ 0x5c, 0x6d, 0x81, 0xda, 0x70, 0x71, 0x43, 0x9c, 0x94, 0x6a, 0x9e, 0x03,
+ 0x6d, 0xc3, 0x71, 0x69, 0x53, 0x83, 0x89, 0x08, 0x1b, 0x2b, 0x4b, 0xa8,
+ 0x4a, 0x2a, 0xdf, 0x26, 0xaf, 0xc3, 0x8e, 0x59, 0x15, 0xa7, 0x24, 0x8f,
+ 0x3c, 0xad, 0x08, 0xf2, 0x12, 0xe1, 0x42, 0x41, 0x0c, 0xcb, 0x3e, 0xf4,
+ 0x71, 0xab, 0xb1, 0x16, 0x2c, 0xb7, 0xe1, 0x3f, 0x94, 0x03, 0x01, 0x78,
+ 0xd7, 0x84, 0x1d, 0x63, 0x03, 0xfe, 0x4b, 0x3f, 0x40, 0xce, 0x30, 0x75,
+ 0x10, 0xd1, 0xa4, 0xd3, 0x3c, 0x68, 0x9b, 0xc0, 0x6b, 0xdc, 0xe1, 0xda,
+ 0x06, 0x41, 0x71, 0x20, 0x88, 0x82, 0x60, 0x2e, 0x48, 0x93, 0x78, 0x30,
+ 0xb4, 0xb9, 0xe3, 0x88, 0x79, 0xf7, 0x0d, 0x0b, 0xa4, 0xae, 0x2e, 0x7b,
+ 0x00, 0x82, 0x49, 0xbf, 0xe8, 0x07, 0xb4, 0x51, 0xd9, 0xa0, 0xf7, 0x8f,
+ 0xe6, 0x24, 0x17, 0xd0, 0xa5, 0x58, 0xcc, 0x37, 0xf2, 0x86, 0x6e, 0xc2,
+ 0xf0, 0xf0, 0x87, 0x64, 0xfa, 0x6e, 0x94, 0x99, 0x1a, 0xbc, 0xd9, 0xea,
+ 0x48, 0x07, 0x38, 0x2e, 0x79, 0x61, 0x82, 0x69, 0x09, 0x6f, 0xbc, 0x8e,
+ 0x44, 0x38, 0x0e, 0xc9, 0x6f, 0xcd, 0xb7, 0x39, 0x92, 0x02, 0x27, 0x23,
+ 0x35, 0xcf, 0x4f, 0xf7, 0x52, 0x7b, 0x33, 0x93, 0xbd, 0x6c, 0x7c, 0xef,
+ 0x39, 0x4b, 0x1a, 0x9f, 0xdf, 0x8f, 0x5c, 0x5b, 0x7b, 0xdb, 0x6b, 0xfd,
+ 0x72, 0xe0, 0xb0, 0xc5, 0x97, 0x5b, 0x08, 0x6b, 0x17, 0x2f, 0x38, 0xd7,
+ 0xbe, 0xf8, 0xd7, 0x20, 0xf5, 0x33, 0x68, 0x69, 0x16, 0xe5, 0x08, 0x05,
+ 0x6c, 0x1b, 0xfa, 0xa8, 0x63, 0x55, 0xb4, 0x03, 0xb9, 0x89, 0xd7, 0x61,
+ 0xf3, 0x9a, 0xf6, 0x45, 0xb4, 0xb2, 0x16, 0x5d, 0xf3, 0x09, 0x7b, 0x09,
+ 0x09, 0x75, 0x0a, 0xbd, 0xdf, 0x7d, 0xe6, 0x1e, 0x07, 0xec, 0x7c, 0x14,
+ 0xac, 0x4b, 0x68, 0xa8, 0x44, 0x5f, 0x77, 0x36, 0xb8, 0x1d, 0x7c, 0x73,
+ 0x82, 0x80, 0xc2, 0x52, 0x55, 0x2c, 0x5d, 0xba, 0x53, 0x79, 0x45, 0xad,
+ 0x51, 0x98, 0xbb, 0x8a, 0xea, 0x4f, 0x19, 0x22, 0x22, 0x69, 0xd3, 0x3a,
+ 0x72, 0xd8, 0xe3, 0x37, 0xf4, 0x3b, 0xf3, 0xf1, 0x52, 0x48, 0x4d, 0xbf,
+ 0xa5, 0x7a, 0xef, 0x44, 0x53, 0x7b, 0x6e, 0x6c, 0xb7, 0x1a, 0xa8, 0x75,
+ 0xaf, 0xdb, 0x15, 0x05, 0x53, 0xc8, 0xb9, 0x9c, 0xea, 0x1a, 0xf7, 0x9d,
+ 0x9b, 0xb6, 0xa6, 0x5e, 0x0f, 0xf7, 0x49, 0x7e, 0xc9, 0x12, 0x38, 0x3d,
+ 0x78, 0xaf, 0x80, 0x3d, 0x76, 0x6d, 0x96, 0x4f, 0x06, 0xff, 0xdf, 0xc5,
+ 0x9c, 0x47, 0xbe, 0x3e, 0x3d, 0xc2, 0x2a, 0x41, 0x15, 0x7e, 0xbd, 0xab,
+ 0x12, 0x02, 0xfe, 0xa5, 0x4f, 0xb4, 0x1a, 0xf5, 0x6a, 0xed, 0xff, 0x50,
+ 0x5a, 0x56, 0x7b, 0x2f, 0xff, 0xff, 0x29, 0xb5, 0x77, 0xf4, 0x38, 0xb3,
+ 0x40, 0xd9, 0x17, 0x89, 0x43, 0x3f, 0x86, 0x29, 0x50, 0xce, 0x72, 0xde,
+ 0x55, 0x63, 0x06, 0x14, 0x50, 0xae, 0xc1, 0x49, 0x10, 0x55, 0x21, 0xeb,
+ 0x68, 0xe7, 0xfc, 0xc7, 0xf5, 0x92, 0xc5, 0xf2, 0xe2, 0xc9, 0xdb, 0x42,
+ 0x59, 0x44, 0x0e, 0xda, 0x23, 0x50, 0x62, 0xef, 0x6e, 0xae, 0x1c, 0x0e,
+ 0x93, 0x74, 0xa6, 0xdb, 0x4c, 0xc7, 0x4b, 0xa6, 0xe2, 0x3a, 0xe3, 0x03,
+ 0x22, 0xd1, 0xe4, 0x21, 0x13, 0x98, 0x6a, 0xeb, 0x43, 0xbf, 0xe6, 0x8a,
+ 0xfb, 0x28, 0x15, 0x47, 0x7e, 0xaa, 0x12, 0x60, 0x08, 0x23, 0xc6, 0x59,
+ 0xeb, 0xc1, 0x71, 0x18, 0x03, 0x16, 0x7f, 0x75, 0x5f, 0x65, 0x8a, 0x7f,
+ 0x1d, 0xae, 0x98, 0x94, 0xa4, 0xb1, 0xf5, 0xcc, 0x0a, 0x6f, 0x62, 0x79,
+ 0x27, 0x38, 0x32, 0x73, 0x90, 0xc8, 0x3f, 0x70, 0xf7, 0x44, 0xcf, 0xfd,
+ 0xc8, 0xfa, 0xcb, 0x3e, 0x73, 0x5f, 0x1d, 0xde, 0xb5, 0x73, 0x4d, 0x00,
+ 0x2a, 0xce, 0x77, 0x92, 0x17, 0x0f, 0xcf, 0xbf, 0x87, 0x78, 0xdc, 0xbc,
+ 0x83, 0xb3, 0x86, 0xd5, 0x32, 0xf5, 0x17, 0x73, 0xba, 0x90, 0xae, 0xc4,
+ 0x40, 0x25, 0x26, 0xde, 0x8c, 0x5e, 0xbb, 0x83, 0x0e, 0x27, 0xd5, 0x0a,
+ 0x4d, 0x89, 0xf0, 0xf3, 0x0f, 0xb5, 0x7d, 0xe3, 0x04, 0x6b, 0x5a, 0x59,
+ 0xf4, 0x0a, 0x23, 0xc9, 0xe9, 0xe5, 0x1c, 0x20, 0x43, 0xac, 0xe2, 0x61,
+ 0x10, 0x8d, 0x20, 0x83, 0xe7, 0x60, 0x28, 0x32, 0xd0, 0x15, 0x67, 0xf1,
+ 0xaf, 0xd4, 0xcb, 0x2a, 0xec, 0xc5, 0xe2, 0xe7, 0xa2, 0x57, 0x18, 0x3d,
+ 0x5e, 0xdd, 0x14, 0x88, 0x39, 0x59, 0x10, 0x9c, 0xa9, 0xf9, 0xd9, 0xb9,
+ 0xdd, 0x09, 0xb0, 0x2f, 0x5a, 0x30, 0x0f, 0xbf, 0x34, 0x8a, 0xf1, 0x62,
+ 0x40, 0x15, 0x4e, 0xe9, 0x69, 0x2f, 0x94, 0x87, 0x07, 0xf0, 0x01, 0xa2,
+ 0x8f, 0x11, 0xb9, 0x31, 0x4c, 0x2b, 0x7d, 0x7f, 0x6c, 0x04, 0xd6, 0x91,
+ 0x4d, 0x71, 0x6b, 0x8c, 0xa7, 0x47, 0xb1, 0x34, 0x34, 0x08, 0xda, 0x5b,
+ 0xcb, 0x82, 0xbb, 0x5b, 0x14, 0x27, 0x2a, 0x20, 0x25, 0xda, 0xbe, 0x1d,
+ 0x21, 0xa8, 0x68, 0x77, 0xf4, 0x17, 0xaf, 0x7f, 0x22, 0xda, 0xd4, 0xc6,
+ 0x38, 0x0c, 0xbe, 0xf1, 0xa5, 0x0b, 0x17, 0x83, 0x22, 0xb3, 0x5b, 0x12,
+ 0x1f, 0x0a, 0x18, 0x14, 0x46, 0xbf, 0x9b, 0xc0, 0x53, 0x7a, 0x83, 0x40,
+ 0xde, 0x1a, 0x9d, 0xf0, 0x3b, 0x66, 0x74, 0x01, 0xa1, 0xfc, 0x29, 0xde,
+ 0x08, 0x66, 0x85, 0x56, 0x2c, 0xc8, 0x30, 0xb7, 0x42, 0x1f, 0xa2, 0x32,
+ 0x28, 0xc4, 0xc5, 0xfe, 0xea, 0xb0, 0x4e, 0x81, 0x59, 0x74, 0x90, 0x93,
+ 0xb1, 0x1c, 0x5c, 0x4f, 0x54, 0x5e, 0xcc, 0xd7, 0x1d, 0x75, 0xd2, 0x3d,
+ 0x77, 0xff, 0x72, 0xa8, 0x74, 0x31, 0xec, 0x74, 0xe8, 0xcc, 0x69, 0xce,
+ 0xde, 0xe5, 0x05, 0x1e, 0xc2, 0x99, 0x90, 0x22, 0xe5, 0x10, 0xd4, 0xaf,
+ 0x52, 0xe3, 0x47, 0xf4, 0x38, 0xeb, 0xa3, 0xd2, 0x72, 0x64, 0xb2, 0xd3,
+ 0x0c, 0x0c, 0xaa, 0xae, 0x29, 0xb5, 0x38, 0xd4, 0x52, 0xfa, 0x96, 0x17,
+ 0x7a, 0x18, 0xe8, 0x89, 0xd2, 0xd5, 0xd9, 0xae, 0x5a, 0x0e, 0x25, 0x8d};
+
+class IkeKdfTest : public ::testing::Test {
+ public:
+ IkeKdfTest()
+ : params_({siBuffer, nullptr, 0}),
+ gxy_item_({siBuffer, toUcharPtr(kGxyData), kGxySize}),
+ skey_item_({siBuffer, toUcharPtr(kKeyData), kKeySize}),
+ key_mech_(0),
+ slot_(nullptr),
+ gxy_(nullptr),
+ skey_(nullptr),
+ okey_(nullptr) {}
+
+ ~IkeKdfTest() {
+ if (slot_) {
+ PK11_FreeSlot(slot_);
+ }
+ if (gxy_) {
+ PK11_FreeSymKey(gxy_);
+ }
+ ClearTempVars();
+ }
+
+ void ClearTempVars() {
+ if (skey_) {
+ PK11_FreeSymKey(skey_);
+ skey_ = nullptr;
+ }
+ if (okey_) {
+ PK11_FreeSymKey(okey_);
+ okey_ = nullptr;
+ }
+ }
+
+ void Init() {
+ params_.type = siBuffer;
+
+ gxy_item_.type = siBuffer;
+ gxy_item_.data =
+ const_cast<unsigned char*>(static_cast<const unsigned char*>(kGxyData));
+ gxy_item_.len = sizeof(kGxyData);
+ skey_item_.type = siBuffer;
+ skey_item_.data =
+ const_cast<unsigned char*>(static_cast<const unsigned char*>(kKeyData));
+
+ slot_ = PK11_GetInternalSlot();
+ ASSERT_NE(nullptr, slot_);
+ gxy_ = PK11_ImportSymKey(slot_, CKM_NSS_IKE_PRF_DERIVE, PK11_OriginUnwrap,
+ CKA_DERIVE, &gxy_item_, NULL);
+ ASSERT_NE(nullptr, gxy_);
+ }
+
+ void ComputeAndVerifyKey(CK_MECHANISM_TYPE derive_mech,
+ CK_MECHANISM_TYPE hash_mech, const uint8_t* expected) {
+ // Infer prf length from mechanism
+ int prf_len = 0;
+ std::string mac = "unknown";
+
+ switch (hash_mech) {
+ case CKM_AES_XCBC_MAC:
+ prf_len = kAesXcbcLen;
+ mac = "CKM_AES_XCBC_MAC";
+ break;
+ case CKM_SHA_1_HMAC:
+ prf_len = kSha1Len;
+ mac = "CKM_SHA_1_HMAC";
+ break;
+ case CKM_SHA224_HMAC:
+ prf_len = kSha224Len;
+ mac = "CKM_SHA224_HMAC";
+ break;
+ case CKM_SHA256_HMAC:
+ prf_len = kSha256Len;
+ mac = "CKM_SHA256_HMAC";
+ break;
+ case CKM_SHA384_HMAC:
+ prf_len = kSha384Len;
+ mac = "CKM_SHA384_HMAC";
+ break;
+ case CKM_SHA512_HMAC:
+ prf_len = kSha512Len;
+ mac = "CKM_SHA512_HMAC";
+ break;
+ default:
+ ASSERT_TRUE(false) << "Invalid PRF Mechanism";
+ }
+
+ Inner(derive_mech, hash_mech, mac, prf_len, expected);
+ }
+
+ // Set output == nullptr to test when errors occur
+ void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech,
+ std::string mac, size_t prf_len, const uint8_t* expected) {
+ PRBool use_skey = PR_FALSE;
+ size_t output_len = 0;
+ PK11SymKey *derive_key = nullptr;
+ std::stringstream s;
+ s << "Derive:";
+ std::string msg;
+
+ ClearTempVars();
+
+ // Import the params
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf;
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf;
+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ikep_prf;
+ CK_MECHANISM_TYPE ike1_app_b;
+
+ switch (derive_mech) {
+ case CKM_NSS_IKE_PRF_DERIVE:
+ ike_prf.prfMechanism = hash_mech;
+ ike_prf.bDataAsKey = PR_TRUE;
+ ike_prf.bRekey = PR_FALSE;
+ ike_prf.pNi = toUcharPtr(kSeed);
+ ike_prf.ulNiLen = kSeedSize;
+ ike_prf.pNr = toUcharPtr(kSeed);
+ ike_prf.ulNrLen = kSeedSize;
+ ike_prf.hNewKey = CK_INVALID_HANDLE;
+ output_len = 0;
+ use_skey = PR_FALSE;
+ params_.data = reinterpret_cast<unsigned char*>(&ike_prf);
+ params_.len = sizeof(ike_prf);
+ s << "CKM_NSS_IKE_PRF_DERIVE";
+ break;
+ case CKM_NSS_IKE_PRF_PLUS_DERIVE:
+ ikep_prf.prfMechanism = hash_mech;
+ ikep_prf.bHasSeedKey = PR_FALSE;
+ ikep_prf.pSeedData= toUcharPtr(kSeed);
+ ikep_prf.ulSeedDataLen = kSeedSize*4;
+ output_len = kLongKeySize;
+ use_skey = PR_TRUE;
+ params_.data = reinterpret_cast<unsigned char*>(&ikep_prf);
+ params_.len = sizeof(ikep_prf);
+ s << "CKM_NSS_IKE_PRF_PLUS_DERIVE";
+ break;
+ case CKM_NSS_IKE1_PRF_DERIVE:
+ ike1_prf.prfMechanism = hash_mech;
+ ike1_prf.bHasPrevKey = PR_FALSE;
+ ike1_prf.hKeygxy = PK11_GetSymKeyHandle(gxy_);
+ ike1_prf.hPrevKey = CK_INVALID_HANDLE;
+ ike1_prf.pCKYi = toUcharPtr(kSeed);
+ ike1_prf.ulCKYiLen = kSeedSize;
+ ike1_prf.pCKYr = toUcharPtr(kSeed);
+ ike1_prf.ulCKYrLen = kSeedSize;
+ ike1_prf.keyNumber = 0;
+ output_len = prf_len;
+ use_skey = PR_TRUE;
+ params_.data = reinterpret_cast<unsigned char*>(&ike1_prf);
+ params_.len = sizeof(ike1_prf);
+ s << "CKM_NSS_IKE1_PRF_DERIVE";
+ break;
+ case CKM_NSS_IKE1_APP_B_PRF_DERIVE:
+ ike1_app_b = hash_mech;
+ output_len = kLongKeySize;
+ use_skey = PR_TRUE;
+ params_.data = reinterpret_cast<unsigned char*>(&ike1_app_b);
+ params_.len = sizeof(ike1_app_b);
+ s << "CKM_NSS_IKE1_APP_B_DERIVE";
+ break;
+ default:
+ ASSERT_TRUE(false) << "Invalid IKE DERIVE mechanism";
+ }
+
+ s << " Mac/Prf:" << mac;
+ msg = s.str();
+
+
+ // Import the PMS
+ derive_key = gxy_;
+ if (use_skey) {
+ skey_item_.len = prf_len;
+ skey_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap,
+ CKA_DERIVE, &skey_item_, NULL);
+ ASSERT_NE(nullptr, skey_) << msg;
+ derive_key = skey_;
+ }
+
+ // Compute the result key
+ okey_ = PK11_DeriveWithFlags(derive_key, derive_mech, &params_, key_mech_,
+ CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+
+ // Verify the result has the expected value (null or otherwise)
+ int error = PORT_GetError();
+ s << " Error=" << error;
+ msg = s.str();
+ if (!expected) {
+ EXPECT_EQ(nullptr, okey_) << msg;
+ } else {
+ ASSERT_NE(nullptr, okey_) << msg;
+
+ SECStatus rv = PK11_ExtractKeyValue(okey_);
+ ASSERT_EQ(SECSuccess, rv) << "PK11_ExtractKeyValue";
+
+ SECItem* oData = PK11_GetKeyData(okey_);
+ ASSERT_NE(nullptr, oData) << "PK11_GetKeyData";
+
+ if (output_len == 0) {
+ output_len = prf_len;
+ }
+ s << "\n" << "output_len=" << output_len << " oData->len=" << oData->len << ".\n";
+ for (unsigned int i=0; i < oData->len; i++) {
+ if (i % 12 == 0) s << "\n ";
+ s << " 0x" << std::setfill('0')
+ << std::setw(2) << std::hex << (int) oData->data[i] << ",";
+ }
+ s << "};\n";
+ msg = s.str();
+ ASSERT_EQ(output_len, oData->len) << msg ;
+
+ EXPECT_EQ(0, memcmp(oData->data, expected, output_len)) << msg;
+ }
+ }
+
+ protected:
+ SECItem params_;
+ SECItem gxy_item_;
+ SECItem skey_item_;
+ CK_MECHANISM_TYPE key_mech_;
+ PK11SlotInfo* slot_;
+ PK11SymKey* gxy_;
+ PK11SymKey* skey_;
+ PK11SymKey* okey_;
+};
+
+//
+// The full range is tested with the FIPS vectors in the cavs tests.
+// just make sure the NSS Derive iterfaces are working for everything.
+//
+TEST_F(IkeKdfTest, IkePrfSha256) {
+ Init();
+ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_DERIVE, CKM_SHA256_HMAC,
+ kExpectedOutputIkeSha256);
+}
+
+TEST_F(IkeKdfTest, Ike1PrfSha256) {
+ Init();
+ ComputeAndVerifyKey(CKM_NSS_IKE1_PRF_DERIVE, CKM_SHA256_HMAC,
+ kExpectedOutputIke1Sha256);
+}
+
+TEST_F(IkeKdfTest, IkePlusPrfSha256) {
+ Init();
+ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_PLUS_DERIVE, CKM_SHA256_HMAC,
+ kExpectedOutputIkePlusSha256);
+}
+
+TEST_F(IkeKdfTest, Ike1AppBPrfSha256) {
+ Init();
+ ComputeAndVerifyKey(CKM_NSS_IKE1_APP_B_PRF_DERIVE, CKM_SHA256_HMAC,
+ kExpectedOutputIkeAppBSha256);
+}
+
+} // namespace nss_test
diff -up ./lib/softoken/pkcs11.c.missing_kdf ./lib/softoken/pkcs11.c
--- ./lib/softoken/pkcs11.c.missing_kdf 2019-08-07 14:18:55.039435109 -0700
+++ ./lib/softoken/pkcs11.c 2019-08-08 10:28:12.449792962 -0700
@@ -516,7 +516,8 @@ static const struct mechanismList mechan
/* --------------------IPSEC ----------------------- */
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
{ CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
+ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
};
static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
diff -up ./lib/softoken/sftkike.c.missing_kdf ./lib/softoken/sftkike.c
--- ./lib/softoken/sftkike.c.missing_kdf 2019-08-08 10:24:27.872008887 -0700
+++ ./lib/softoken/sftkike.c 2019-08-08 10:27:34.416829530 -0700
@@ -744,7 +744,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
* key is inKey
*/
thisKey = outKeyData;
- for (genKeySize = 0; genKeySize <= keySize; genKeySize += macSize) {
+ for (genKeySize = 0; genKeySize < keySize; genKeySize += macSize) {
crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen);
if (crv != CKR_OK) {
goto fail;

62
SOURCES/nss-539183.patch Normal file
View File

@ -0,0 +1,62 @@
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
@@ -953,23 +953,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSockett");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
@@ -1711,23 +1711,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");

13
SOURCES/nss-8-add-ipsec-usage-to-manpage.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up ./doc/certutil.xml.ipsec_doc ./doc/certutil.xml
--- ./doc/certutil.xml.ipsec_doc 2019-05-10 14:14:18.000000000 -0700
+++ ./doc/certutil.xml 2019-06-05 16:49:44.229301383 -0700
@@ -428,6 +428,9 @@ of the attribute codes:
<listitem>
<para><command>J</command> (as an object signer)</para>
</listitem>
+ <listitem>
+<para><command>I</command> (as an IPSEC user)</para>
+ </listitem>
</itemizedlist></listitem>
</varlistentry>

571
SOURCES/nss-8-fix-public-key-from-priv.patch Normal file
View File

@ -0,0 +1,571 @@
diff -up ./gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mech ./gtests/pk11_gtest/pk11_import_unittest.cc
--- ./gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mech 2019-05-10 14:14:18.000000000 -0700
+++ ./gtests/pk11_gtest/pk11_import_unittest.cc 2019-06-05 16:43:42.276498676 -0700
@@ -78,17 +78,40 @@ class Pk11KeyImportTestBase : public ::t
CK_MECHANISM_TYPE mech_;
private:
+ SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
+ SECItem null = { siBuffer, NULL, 0};
+ switch(SECKEY_GetPublicKeyType(pub_key.get())) {
+ case rsaKey:
+ case rsaPssKey:
+ case rsaOaepKey:
+ return pub_key->u.rsa.modulus;
+ case keaKey:
+ return pub_key->u.kea.publicValue;
+ case dsaKey:
+ return pub_key->u.dsa.publicValue;
+ case dhKey:
+ return pub_key->u.dh.publicValue;
+ case ecKey:
+ return pub_key->u.ec.publicValue;
+ case fortezzaKey: /* depricated */
+ case nullKey:
+ /* didn't use default here so we can catch new key types at compile time */
+ break;
+ }
+ return null;
+ }
void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key,
const SECItem* expected_public) {
// Verify the public key exists.
StackSECItem priv_id;
+ KeyType type = SECKEY_GetPrivateKeyType(priv_key.get());
SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(),
CKA_ID, &priv_id);
ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: "
<< PORT_ErrorToName(PORT_GetError());
CK_ATTRIBUTE_TYPE value_type = CKA_VALUE;
- switch (SECKEY_GetPrivateKeyType(priv_key.get())) {
+ switch (type) {
case rsaKey:
value_type = CKA_MODULUS;
break;
@@ -106,6 +129,8 @@ class Pk11KeyImportTestBase : public ::t
FAIL() << "unknown key type";
}
+ // Scan public key objects until we find one with the same CKA_ID as
+ // priv_key
std::unique_ptr<PK11GenericObject, PK11GenericObjectsDeleter> objs(
PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY));
ASSERT_NE(nullptr, objs);
@@ -128,20 +153,46 @@ class Pk11KeyImportTestBase : public ::t
ASSERT_EQ(1U, token.len);
ASSERT_NE(0, token.data[0]);
- StackSECItem value;
- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &value);
+ StackSECItem raw_value;
+ SECItem decoded_value;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value);
ASSERT_EQ(SECSuccess, rv);
+ SECItem value = raw_value;
+ // Decode the EC_POINT and check the output against expected.
// CKA_EC_POINT isn't stable, see Bug 1520649.
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ ASSERT_TRUE(arena);
if (value_type == CKA_EC_POINT) {
- continue;
- }
+ // If this fails due to the noted inconsistency, we may need to
+ // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag
+ rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value,
+ SEC_ASN1_GET(SEC_OctetStringTemplate),
+ &raw_value);
+ ASSERT_EQ(SECSuccess, rv);
+ value = decoded_value;
+ }
ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value))
<< "expected: "
<< DataBuffer(expected_public->data, expected_public->len)
<< std::endl
<< "actual: " << DataBuffer(value.data, value.len) << std::endl;
+
+ // Finally, convert the private to public and ensure it matches.
+ ScopedSECKEYPublicKey pub_key(
+ SECKEY_ConvertToPublicKey(priv_key.get()));
+ ASSERT_TRUE(pub_key);
+ SECItem converted_public = GetPublicComponent(pub_key);
+ ASSERT_TRUE(converted_public.len != 0);
+
+ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public))
+ << "expected: "
+ << DataBuffer(expected_public->data, expected_public->len)
+ << std::endl
+ << "actual: "
+ << DataBuffer(converted_public.data, converted_public.len)
+ << std::endl;
}
}
diff -up ./lib/cryptohi/seckey.c.pub-priv-mech ./lib/cryptohi/seckey.c
--- ./lib/cryptohi/seckey.c.pub-priv-mech 2019-05-10 14:14:18.000000000 -0700
+++ ./lib/cryptohi/seckey.c 2019-06-05 16:43:42.277498676 -0700
@@ -1206,6 +1206,37 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
return NULL;
}
+/*
+ * Use the private key to find a public key handle. The handle will be on
+ * the same slot as the private key.
+ */
+static CK_OBJECT_HANDLE
+seckey_FindPublicKeyHandle(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk)
+{
+ CK_OBJECT_HANDLE keyID;
+
+ /* this helper function is only used below. If we want to make this more
+ * general, we would need to free up any already cached handles if the
+ * slot doesn't match up with the private key slot */
+ PORT_Assert(pubk->pkcs11ID == CK_INVALID_HANDLE);
+
+ /* first look for a matching public key */
+ keyID = PK11_MatchItem(privk->pkcs11Slot, privk->pkcs11ID, CKO_PUBLIC_KEY);
+ if (keyID != CK_INVALID_HANDLE) {
+ return keyID;
+ }
+
+ /* none found, create a temp one, make the pubk the owner */
+ pubk->pkcs11ID = PK11_DerivePubKeyFromPrivKey(privk);
+ if (pubk->pkcs11ID == CK_INVALID_HANDLE) {
+ /* end of the road. Token doesn't have matching public key, nor can
+ * token regenerate a new public key from and existing private key. */
+ return CK_INVALID_HANDLE;
+ }
+ pubk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
+ return pubk->pkcs11ID;
+}
+
SECKEYPublicKey *
SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
{
@@ -1213,6 +1244,8 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
PLArenaPool *arena;
CERTCertificate *cert;
SECStatus rv;
+ CK_OBJECT_HANDLE pubKeyHandle;
+ SECItem decodedPoint;
/*
* First try to look up the cert.
@@ -1243,11 +1276,47 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
switch (privk->keyType) {
case nullKey:
- case dhKey:
- case dsaKey:
/* Nothing to query, if the cert isn't there, we're done -- no way
* to get the public key */
break;
+ case dsaKey:
+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
+ if (pubKeyHandle == CK_INVALID_HANDLE)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_BASE, arena, &pubk->u.dsa.params.base);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_PRIME, arena, &pubk->u.dsa.params.prime);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_SUBPRIME, arena, &pubk->u.dsa.params.subPrime);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_VALUE, arena, &pubk->u.dsa.publicValue);
+ if (rv != SECSuccess)
+ break;
+ return pubk;
+ case dhKey:
+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
+ if (pubKeyHandle == CK_INVALID_HANDLE)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_BASE, arena, &pubk->u.dh.base);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_PRIME, arena, &pubk->u.dh.prime);
+ if (rv != SECSuccess)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_VALUE, arena, &pubk->u.dh.publicValue);
+ if (rv != SECSuccess)
+ break;
+ return pubk;
case rsaKey:
rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
CKA_MODULUS, arena, &pubk->u.rsa.modulus);
@@ -1258,7 +1327,6 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
if (rv != SECSuccess)
break;
return pubk;
- break;
case ecKey:
rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams);
@@ -1268,7 +1336,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) {
- break;
+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
+ if (pubKeyHandle == CK_INVALID_HANDLE)
+ break;
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
+ CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
+ if (rv != SECSuccess)
+ break;
+ }
+ /* ec.publicValue should be decoded, PKCS #11 defines CKA_EC_POINT
+ * as encoded, but it's not always. try do decoded it and if it
+ * succeeds store the decoded value */
+ rv = SEC_QuickDERDecodeItem(arena, &decodedPoint,
+ SEC_ASN1_GET(SEC_OctetStringTemplate), &pubk->u.ec.publicValue);
+ if (rv == SECSuccess) {
+ /* both values are in the public key arena, so it's safe to
+ * overwrite the old value */
+ pubk->u.ec.publicValue = decodedPoint;
}
pubk->u.ec.encoding = ECPoint_Undefined;
return pubk;
@@ -1276,7 +1360,9 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
break;
}
- PORT_FreeArena(arena, PR_FALSE);
+ /* must use Destroy public key here, because some paths create temporary
+ * PKCS #11 objects which need to be freed */
+ SECKEY_DestroyPublicKey(pubk);
return NULL;
}
diff -up ./lib/pk11wrap/pk11priv.h.pub-priv-mech ./lib/pk11wrap/pk11priv.h
--- ./lib/pk11wrap/pk11priv.h.pub-priv-mech 2019-05-10 14:14:18.000000000 -0700
+++ ./lib/pk11wrap/pk11priv.h 2019-06-05 16:43:42.277498676 -0700
@@ -111,6 +111,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert(
PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType);
+CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey);
/**********************************************************************
* Certs
diff -up ./lib/pk11wrap/pk11skey.c.pub-priv-mech ./lib/pk11wrap/pk11skey.c
--- ./lib/pk11wrap/pk11skey.c.pub-priv-mech 2019-06-05 16:37:38.726685789 -0700
+++ ./lib/pk11wrap/pk11skey.c 2019-06-05 16:43:42.278498675 -0700
@@ -1841,6 +1841,35 @@ loser:
}
/*
+ * This regenerate a public key from a private key. This function is currently
+ * NSS private. If we want to make it public, we need to add and optional
+ * template or at least flags (a.la. PK11_DeriveWithFlags).
+ */
+CK_OBJECT_HANDLE
+PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey)
+{
+ PK11SlotInfo *slot = privKey->pkcs11Slot;
+ CK_MECHANISM mechanism;
+ CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
+ CK_RV crv;
+
+ mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV;
+ mechanism.pParameter = NULL;
+ mechanism.ulParameterLen = 0;
+
+ PK11_EnterSlotMonitor(slot);
+ crv = PK11_GETTAB(slot)->C_DeriveKey(slot->session, &mechanism,
+ privKey->pkcs11ID, NULL, 0,
+ &objectID);
+ PK11_ExitSlotMonitor(slot);
+ if (crv != CKR_OK) {
+ PORT_SetError(PK11_MapError(crv));
+ return CK_INVALID_HANDLE;
+ }
+ return objectID;
+}
+
+/*
* This Generates a wrapping key based on a privateKey, publicKey, and two
* random numbers. For Mail usage RandomB should be NULL. In the Sender's
* case RandomA is generate, outherwize it is passed.
diff -up ./lib/softoken/lowkey.c.pub-priv-mech ./lib/softoken/lowkey.c
--- ./lib/softoken/lowkey.c.pub-priv-mech 2019-05-10 14:14:18.000000000 -0700
+++ ./lib/softoken/lowkey.c 2019-06-05 16:44:20.469479019 -0700
@@ -261,6 +261,7 @@ NSSLOWKEYPublicKey *
nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
{
NSSLOWKEYPublicKey *pubk;
+ SECItem publicValue;
PLArenaPool *arena;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -301,6 +302,19 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPr
pubk->arena = arena;
pubk->keyType = privk->keyType;
+ /* if the public key value doesn't exist, calculate it */
+ if (privk->u.dsa.publicValue.len == 0) {
+ rv = DH_Derive(&privk->u.dsa.params.base, &privk->u.dsa.params.prime,
+ &privk->u.dsa.privateValue, &publicValue, 0);
+ if (rv != SECSuccess) {
+ break;
+ }
+ rv = SECITEM_CopyItem(privk->arena, &privk->u.dsa.publicValue, &publicValue);
+ SECITEM_FreeItem(&publicValue, PR_FALSE);
+ if (rv != SECSuccess) {
+ break;
+ }
+ }
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
&privk->u.dsa.publicValue);
if (rv != SECSuccess)
@@ -327,6 +341,19 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPr
pubk->arena = arena;
pubk->keyType = privk->keyType;
+ /* if the public key value doesn't exist, calculate it */
+ if (privk->u.dh.publicValue.len == 0) {
+ rv = DH_Derive(&privk->u.dh.base, &privk->u.dh.prime,
+ &privk->u.dh.privateValue, &publicValue, 0);
+ if (rv != SECSuccess) {
+ break;
+ }
+ rv = SECITEM_CopyItem(privk->arena, &privk->u.dh.publicValue, &publicValue);
+ SECITEM_FreeItem(&publicValue, PR_FALSE);
+ if (rv != SECSuccess) {
+ break;
+ }
+ }
rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
&privk->u.dh.publicValue);
if (rv != SECSuccess)
diff -up ./lib/softoken/pkcs11c.c.pub-priv-mech ./lib/softoken/pkcs11c.c
--- ./lib/softoken/pkcs11c.c.pub-priv-mech 2019-06-05 16:37:38.743685780 -0700
+++ ./lib/softoken/pkcs11c.c 2019-06-05 16:44:20.472479017 -0700
@@ -6569,6 +6569,10 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
extractValue = PR_FALSE;
classType = CKO_PRIVATE_KEY;
break;
+ case CKM_NSS_PUB_FROM_PRIV:
+ extractValue = PR_FALSE;
+ classType = CKO_PUBLIC_KEY;
+ break;
case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */
case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */
case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */
@@ -6610,6 +6614,35 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
}
switch (mechanism) {
+ /* get a public key from a private key. nsslowkey_ConvertToPublickey()
+ * will generate the public portion if it doesn't already exist. */
+ case CKM_NSS_PUB_FROM_PRIV: {
+ NSSLOWKEYPrivateKey *privKey;
+ NSSLOWKEYPublicKey *pubKey;
+ int error;
+
+ crv = sftk_GetULongAttribute(sourceKey, CKA_KEY_TYPE, &keyType);
+ if (crv != CKR_OK) {
+ break;
+ }
+
+ /* privKey is stored in sourceKey and will be destroyed when
+ * the sourceKey is freed. */
+ privKey = sftk_GetPrivKey(sourceKey, keyType, &crv);
+ if (privKey == NULL) {
+ break;
+ }
+ pubKey = nsslowkey_ConvertToPublicKey(privKey);
+ if (pubKey == NULL) {
+ error = PORT_GetError();
+ crv = sftk_MapCryptError(error);
+ break;
+ }
+ crv = sftk_PutPubKey(key, sourceKey, keyType, pubKey);
+ nsslowkey_DestroyPublicKey(pubKey);
+ break;
+ }
+
case CKM_NSS_IKE_PRF_DERIVE:
if (pMechanism->ulParameterLen !=
sizeof(CK_NSS_IKE_PRF_DERIVE_PARAMS)) {
diff -up ./lib/softoken/pkcs11.c.pub-priv-mech ./lib/softoken/pkcs11.c
--- ./lib/softoken/pkcs11.c.pub-priv-mech 2019-06-05 16:37:38.728685788 -0700
+++ ./lib/softoken/pkcs11.c 2019-06-05 16:44:20.473479017 -0700
@@ -2206,6 +2206,123 @@ sftk_GetPrivKey(SFTKObject *object, CK_K
return priv;
}
+/* populate a public key object from a lowpublic keys structure */
+CK_RV
+sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType, NSSLOWKEYPublicKey *pubKey)
+{
+ CK_OBJECT_CLASS classType = CKO_PUBLIC_KEY;
+ CK_BBOOL cktrue = CK_TRUE;
+ CK_RV crv = CKR_OK;
+ sftk_DeleteAttributeType(publicKey, CKA_CLASS);
+ sftk_DeleteAttributeType(publicKey, CKA_KEY_TYPE);
+ sftk_DeleteAttributeType(publicKey, CKA_VALUE);
+
+ switch (keyType) {
+ case CKK_RSA:
+ sftk_DeleteAttributeType(publicKey, CKA_MODULUS);
+ sftk_DeleteAttributeType(publicKey, CKA_PUBLIC_EXPONENT);
+ /* format the keys */
+ /* fill in the RSA dependent paramenters in the public key */
+ crv = sftk_AddAttributeType(publicKey, CKA_MODULUS,
+ sftk_item_expand(&pubKey->u.rsa.modulus));
+ if (crv != CKR_OK)
+ break;
+ crv = sftk_AddAttributeType(publicKey, CKA_PUBLIC_EXPONENT,
+ sftk_item_expand(&pubKey->u.rsa.publicExponent));
+ break;
+ case CKK_DSA:
+ sftk_DeleteAttributeType(publicKey, CKA_PRIME);
+ sftk_DeleteAttributeType(publicKey, CKA_SUBPRIME);
+ sftk_DeleteAttributeType(publicKey, CKA_BASE);
+ crv = sftk_AddAttributeType(publicKey, CKA_PRIME,
+ sftk_item_expand(&pubKey->u.dsa.params.prime));
+ if (crv != CKR_OK) {
+ break;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_SUBPRIME,
+ sftk_item_expand(&pubKey->u.dsa.params.subPrime));
+ if (crv != CKR_OK) {
+ break;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_BASE,
+ sftk_item_expand(&pubKey->u.dsa.params.base));
+ if (crv != CKR_OK) {
+ break;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_VALUE,
+ sftk_item_expand(&pubKey->u.dsa.publicValue));
+ break;
+
+ case CKK_DH:
+ sftk_DeleteAttributeType(publicKey, CKA_PRIME);
+ sftk_DeleteAttributeType(publicKey, CKA_BASE);
+ crv = sftk_AddAttributeType(publicKey, CKA_PRIME,
+ sftk_item_expand(&pubKey->u.dh.prime));
+ if (crv != CKR_OK) {
+ break;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_BASE,
+ sftk_item_expand(&pubKey->u.dh.base));
+ if (crv != CKR_OK) {
+ break;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_VALUE,
+ sftk_item_expand(&pubKey->u.dh.publicValue));
+ break;
+
+ case CKK_EC:
+ sftk_DeleteAttributeType(publicKey, CKA_EC_PARAMS);
+ sftk_DeleteAttributeType(publicKey, CKA_EC_POINT);
+
+ crv = sftk_AddAttributeType(publicKey, CKA_EC_PARAMS,
+ sftk_item_expand(&pubKey->u.ec.ecParams.DEREncoding));
+ if (crv != CKR_OK) {
+ break;
+ }
+
+ crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
+ sftk_item_expand(&pubKey->u.ec.publicValue));
+ break;
+
+ default:
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ crv = sftk_AddAttributeType(publicKey, CKA_CLASS, &classType,
+ sizeof(CK_OBJECT_CLASS));
+ if (crv != CKR_OK)
+ return crv;
+ crv = sftk_AddAttributeType(publicKey, CKA_KEY_TYPE, &keyType,
+ sizeof(CK_KEY_TYPE));
+ if (crv != CKR_OK)
+ return crv;
+ /* now handle the operator attributes */
+ if (sftk_isTrue(privateKey, CKA_DECRYPT)) {
+ crv = sftk_forceAttribute(publicKey, CKA_ENCRYPT, &cktrue, sizeof(CK_BBOOL));
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
+ if (sftk_isTrue(privateKey, CKA_SIGN)) {
+ crv = sftk_forceAttribute(publicKey, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
+ if (sftk_isTrue(privateKey, CKA_SIGN_RECOVER)) {
+ crv = sftk_forceAttribute(publicKey, CKA_VERIFY_RECOVER, &cktrue, sizeof(CK_BBOOL));
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
+ if (sftk_isTrue(privateKey, CKA_DERIVE)) {
+ crv = sftk_forceAttribute(publicKey, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
+ return crv;
+}
+
/*
**************************** Symetric Key utils ************************
*/
diff -up ./lib/softoken/pkcs11i.h.pub-priv-mech ./lib/softoken/pkcs11i.h
--- ./lib/softoken/pkcs11i.h.pub-priv-mech 2019-06-05 16:37:38.730685787 -0700
+++ ./lib/softoken/pkcs11i.h 2019-06-05 16:44:20.473479017 -0700
@@ -695,6 +695,9 @@ extern NSSLOWKEYPublicKey *sftk_GetPubKe
CK_KEY_TYPE key_type, CK_RV *crvp);
extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
CK_KEY_TYPE key_type, CK_RV *crvp);
+extern CK_RV sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privKey,
+ CK_KEY_TYPE keyType,
+ NSSLOWKEYPublicKey *pubKey);
extern void sftk_FormatDESKey(unsigned char *key, int length);
extern PRBool sftk_CheckDESKey(unsigned char *key);
extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type);
diff -up ./lib/util/pkcs11n.h.pub-priv-mech ./lib/util/pkcs11n.h
--- ./lib/util/pkcs11n.h.pub-priv-mech 2019-06-05 16:37:38.733685785 -0700
+++ ./lib/util/pkcs11n.h 2019-06-05 16:44:54.389461561 -0700
@@ -152,11 +152,6 @@
#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
-/* IKE mechanism (to be proposed to PKCS #11 */
-#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7)
-#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8)
-#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9)
-#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10)
/* J-PAKE round 1 key generation mechanisms.
*
@@ -238,6 +233,15 @@
#define CKM_NSS_CHACHA20_CTR (CKM_NSS + 33)
+/* IKE mechanism (to be proposed to PKCS #11 */
+#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 34)
+#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 35)
+#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 36)
+#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 37)
+
+/* Derive a public key from a bare private key */
+#define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40)
+
/*
* HISTORICAL:
* Do not attempt to use these. They are only used by NETSCAPE's internal

145
SOURCES/nss-config.in Normal file
View File

@ -0,0 +1,145 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nss
nssutil
ssl
smime
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_ssl=yes
lib_smime=yes
lib_nss=yes
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
ssl)
lib_ssl=yes
;;
smime)
lib_smime=yes
;;
nss)
lib_nss=yes
;;
nssutil)
lib_nssutil=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_ssl"; then
libdirs="$libdirs -lssl${major_version}"
fi
if test -n "$lib_smime"; then
libdirs="$libdirs -lsmime${major_version}"
fi
if test -n "$lib_nss"; then
libdirs="$libdirs -lnss${major_version}"
fi
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi

202
SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch Normal file
View File

@ -0,0 +1,202 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1559031046 -7200
# Tue May 28 10:10:46 2019 +0200
# Node ID 0a4e8b72a92e144663c2f35d3836f7828cfc97f2
# Parent 370a9e85f216f5f4ff277995a997c5c9b23a819f
Bug 1552208, prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3, r=mt
Reviewers: mt
Reviewed By: mt
Subscribers: mt, jcj, ueno, rrelyea, HubertKario, KevinJacobs
Tags: #secure-revision, #bmo-crypto-core-security
Bug #: 1552208
Differential Revision: https://phabricator.services.mozilla.com/D32454
diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -701,6 +701,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
}
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
+ static const SSLSignatureScheme kSignatureScheme[] = {
+ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
+
+ Reset(TlsAgent::kServerRsa, "rsa");
+ client_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ server_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+
+ auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
+ client_, kTlsHandshakeCertificateVerify);
+ capture_cert_verify->EnableDecryption();
+
+ Connect();
+ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
+ 1024);
+}
+
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
+ static const SSLSignatureScheme kSignatureScheme[] = {
+ ssl_sig_rsa_pkcs1_sha256};
+
+ Reset(TlsAgent::kServerRsa, "rsa");
+ client_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ server_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
public:
TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
@@ -933,7 +971,7 @@ TEST_P(TlsConnectTls13, InconsistentSign
client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
}
-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
+TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
server_->RequestClientAuth(false);
@@ -1395,12 +1433,21 @@ TEST_P(TlsSignatureSchemeConfiguration,
INSTANTIATE_TEST_CASE_P(
SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
::testing::Combine(
- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
::testing::Values(TlsAgent::kServerRsaSign),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
ssl_sig_rsa_pss_rsae_sha384)));
+// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
+INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
+ TlsConnectTestBase::kTlsV13,
+ ::testing::Values(TlsAgent::kServerRsaSign),
+ ::testing::Values(ssl_auth_rsa_sign),
+ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_rsae_sha384)));
// PSS with SHA-512 needs a bigger key to work.
INSTANTIATE_TEST_CASE_P(
SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
diff --git a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
--- a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl
virtual void SetupCertificate() {
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
switch (sig_scheme_) {
- case ssl_sig_rsa_pkcs1_sha256:
- case ssl_sig_rsa_pkcs1_sha384:
- case ssl_sig_rsa_pkcs1_sha512:
- Reset(TlsAgent::kServerRsaSign);
- auth_type_ = ssl_auth_rsa_sign;
- break;
case ssl_sig_rsa_pss_rsae_sha256:
case ssl_sig_rsa_pss_rsae_sha384:
Reset(TlsAgent::kServerRsaSign);
@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche
ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
ssl_sig_rsa_pss_pss_sha512};
+static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
+ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
+ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
+ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
+ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
+
INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
kDummySignatureSchemesParams,
TLS_RSA_WITH_RC4_128_SHA,
@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P(
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
::testing::ValuesIn(kFasterDHEGroups),
- ::testing::ValuesIn(kSignatureSchemesParamsArr),
+ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_256_GCM_SHA384);
INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature
}
TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
- // 31 unknown signature algorithms followed by sha-256, rsa
+ // 31 unknown signature algorithms followed by sha-256, rsa-pss
const uint8_t val[] = {
0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
DataBuffer extension(val, sizeof(val));
MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
extension);
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess
static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
+PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
const PRUint8 ssl_hello_retry_random[] = {
@@ -4101,6 +4102,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch
if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
return PR_FALSE;
}
+ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
+ return PR_FALSE;
+ }
/* With TLS 1.3, EC keys should have been selected based on calling
* ssl_SignatureSchemeFromSpki(), reject them otherwise. */
return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
@@ -4351,6 +4355,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignature
}
PRBool
+ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
+{
+ switch (scheme) {
+ case ssl_sig_rsa_pkcs1_sha256:
+ case ssl_sig_rsa_pkcs1_sha384:
+ case ssl_sig_rsa_pkcs1_sha512:
+ case ssl_sig_rsa_pkcs1_sha1:
+ return PR_TRUE;
+
+ default:
+ return PR_FALSE;
+ }
+ return PR_FALSE;
+}
+
+PRBool
ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme)
{
switch (scheme) {

169
SOURCES/nss-drbg-continuous.patch Normal file
View File

@ -0,0 +1,169 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1561465415 -7200
# Tue Jun 25 14:23:35 2019 +0200
# Node ID a0114e3d8b22d4c6ee77504c483a0fe0037f4c71
# Parent 313dfef345bd93bc67982249bffa2cfdd5a9d1b5
Bug 1560329, drbg: perform continuous test on entropy source
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test to check that consecutive entropy blocks from the system are different. As neither getentropy() nor /dev/urandom provides that check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Bug #: 1560329
Differential Revision: https://phabricator.services.mozilla.com/D35636
diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
--- a/lib/freebl/drbg.c
+++ b/lib/freebl/drbg.c
@@ -30,6 +30,7 @@
#define PRNG_ADDITONAL_DATA_CACHE_SIZE (8 * 1024) /* must be less than \
* PRNG_MAX_ADDITIONAL_BYTES \
*/
+#define PRNG_ENTROPY_BLOCK_SIZE SHA256_LENGTH
/* RESEED_COUNT is how many calls to the prng before we need to reseed
* under normal NIST rules, you must return an error. In the NSS case, we
@@ -96,6 +97,8 @@ struct RNGContextStr {
PRUint32 additionalAvail;
PRBool isValid; /* false if RNG reaches an invalid state */
PRBool isKatTest; /* true if running NIST PRNG KAT tests */
+ /* for continuous entropy check */
+ PRUint8 previousEntropyHash[SHA256_LENGTH];
};
typedef struct RNGContextStr RNGContext;
@@ -169,6 +172,82 @@ prng_instantiate(RNGContext *rng, const
return SECSuccess;
}
+static PRCallOnceType coRNGInitEntropy;
+
+static PRStatus
+prng_initEntropy(void)
+{
+ size_t length;
+ PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
+ SHA256Context ctx;
+
+ /* For FIPS 140-2 4.9.2 continuous random number generator test,
+ * fetch the initial entropy from the system RNG and keep it for
+ * later comparison. */
+ length = RNG_SystemRNG(block, sizeof(block));
+ if (length == 0) {
+ return PR_FAILURE; /* error is already set */
+ }
+ PORT_Assert(length == sizeof(block));
+
+ /* Store the hash of the entropy block rather than the block
+ * itself for backward secrecy. */
+ SHA256_Begin(&ctx);
+ SHA256_Update(&ctx, block, sizeof(block));
+ SHA256_End(&ctx, globalrng->previousEntropyHash, NULL,
+ sizeof(globalrng->previousEntropyHash));
+ PORT_Memset(block, 0, sizeof(block));
+ return PR_SUCCESS;
+}
+
+static SECStatus
+prng_getEntropy(PRUint8 *buffer, size_t requestLength)
+{
+ size_t total = 0;
+ PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
+ PRUint8 hash[SHA256_LENGTH];
+ SHA256Context ctx;
+ SECStatus rv = SECSuccess;
+
+ if (PR_CallOnce(&coRNGInitEntropy, prng_initEntropy) != PR_SUCCESS) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
+ /* For FIPS 140-2 4.9.2 continuous random generator test,
+ * iteratively fetch fixed sized blocks from the system and
+ * compare consecutive blocks. */
+ while (total < requestLength) {
+ size_t length = RNG_SystemRNG(block, sizeof(block));
+ if (length == 0) {
+ rv = SECFailure; /* error is already set */
+ goto out;
+ }
+ PORT_Assert(length == sizeof(block));
+
+ /* Store the hash of the entropy block rather than the block
+ * itself for backward secrecy. */
+ SHA256_Begin(&ctx);
+ SHA256_Update(&ctx, block, sizeof(block));
+ SHA256_End(&ctx, hash, NULL, sizeof(hash));
+
+ if (PORT_Memcmp(globalrng->previousEntropyHash, hash, sizeof(hash)) == 0) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ rv = SECFailure;
+ goto out;
+ }
+ PORT_Memcpy(globalrng->previousEntropyHash, hash, sizeof(hash));
+ length = PR_MIN(requestLength - total, sizeof(block));
+ PORT_Memcpy(buffer, block, length);
+ total += length;
+ buffer += length;
+ }
+
+ out:
+ PORT_Memset(block, 0, sizeof block);
+ return rv;
+}
+
/*
* Update the global random number generator with more seeding
* material. Use the Hash_DRBG reseed algorithm from NIST SP-800-90
@@ -182,11 +261,15 @@ prng_reseed(RNGContext *rng, const PRUin
{
PRUint8 noiseData[(sizeof rng->V_Data) + PRNG_SEEDLEN];
PRUint8 *noise = &noiseData[0];
+ SECStatus rv;
/* if entropy wasn't supplied, fetch it. (normal operation case) */
if (entropy == NULL) {
- entropy_len = (unsigned int)RNG_SystemRNG(
- &noiseData[sizeof rng->V_Data], PRNG_SEEDLEN);
+ entropy_len = PRNG_SEEDLEN;
+ rv = prng_getEntropy(&noiseData[sizeof rng->V_Data], entropy_len);
+ if (rv != SECSuccess) {
+ return SECFailure; /* error is already set */
+ }
} else {
/* NOTE: this code is only available for testing, not to applications */
/* if entropy was too big for the stack variable, get it from malloc */
@@ -384,7 +467,6 @@ static PRStatus
rng_init(void)
{
PRUint8 bytes[PRNG_SEEDLEN * 2]; /* entropy + nonce */
- unsigned int numBytes;
SECStatus rv = SECSuccess;
if (globalrng == NULL) {
@@ -403,18 +485,17 @@ rng_init(void)
}
/* Try to get some seed data for the RNG */
- numBytes = (unsigned int)RNG_SystemRNG(bytes, sizeof bytes);
- PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
- if (numBytes != 0) {
+ rv = prng_getEntropy(bytes, sizeof bytes);
+ if (rv == SECSuccess) {
/* if this is our first call, instantiate, otherwise reseed
* prng_instantiate gets a new clean state, we want to mix
* any previous entropy we may have collected */
if (V(globalrng)[0] == 0) {
- rv = prng_instantiate(globalrng, bytes, numBytes);
+ rv = prng_instantiate(globalrng, bytes, sizeof bytes);
} else {
- rv = prng_reseed_test(globalrng, bytes, numBytes, NULL, 0);
+ rv = prng_reseed_test(globalrng, bytes, sizeof bytes, NULL, 0);
}
- memset(bytes, 0, numBytes);
+ memset(bytes, 0, sizeof bytes);
} else {
PZ_DestroyLock(globalrng->lock);
globalrng->lock = NULL;

13
SOURCES/nss-dso-ldflags.patch Normal file
View File

@ -0,0 +1,13 @@
Index: nss/coreconf/Linux.mk
===================================================================
--- nss.orig/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -144,7 +144,7 @@ ifdef USE_PTHREADS
endif
DSO_CFLAGS = -fPIC
-DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
+DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections $(DSO_LDFLAGS)
# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
# incorrectly reports undefined references in the libraries we link with, so
# we don't use -z defs there.

30
SOURCES/nss-fips-disable-tls13.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -2382,16 +2382,26 @@ ssl3_CreateOverlapWithPolicy(SSLProtocol
rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
&effectivePolicyBoundary);
if (rv == SECFailure) {
/* SECFailure means internal failure or invalid configuration. */
overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
return SECFailure;
}
+ /* TODO: TLSv1.3 doesn't work yet under FIPS mode */
+ if (PK11_IsFIPS()) {
+ if (effectivePolicyBoundary.min >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ effectivePolicyBoundary.min = SSL_LIBRARY_VERSION_TLS_1_2;
+ }
+ if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2;
+ }
+ }
+
vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min);
vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max);
if (vrange.max < vrange.min) {
/* there was no overlap, turn off range altogether */
overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
return SECFailure;
}

81
SOURCES/nss-fipstest-tls12-prf.patch Normal file
View File

@ -0,0 +1,81 @@
# HG changeset patch
# User Tomas Mraz <tmraz@fedoraproject.org>
# Date 1560861770 -7200
# Tue Jun 18 14:42:50 2019 +0200
# Node ID 6ef49fe67d6227a1d290da5537ec0dade379a15a
# Parent ebc93d6daeaa9001d31fd18b5199779da99ae9aa
Bug 1559906, fipstest: use CKM_TLS12_MASTER_KEY_DERIVE in TLS test, r=rrelyea
This also lets us CAVS tests more than just SHA256.
diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
--- a/cmd/fipstest/fipstest.c
+++ b/cmd/fipstest/fipstest.c
@@ -6669,12 +6669,13 @@ tls(char *reqfn)
CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 };
CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 };
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
- CK_SSL3_KEY_MAT_PARAMS key_block_params;
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+ CK_TLS12_KEY_MAT_PARAMS key_block_params;
CK_SSL3_KEY_MAT_OUT key_material;
CK_RV crv;
/* set up PKCS #11 parameters */
+ master_params.prfHashMechanism = CKM_SHA256;
master_params.pVersion = NULL;
master_params.RandomInfo.pClientRandom = clientHello_random;
master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
@@ -6682,6 +6683,7 @@ tls(char *reqfn)
master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
master_mech.pParameter = (void *)&master_params;
master_mech.ulParameterLen = sizeof(master_params);
+ key_block_params.prfHashMechanism = CKM_SHA256;
key_block_params.ulMacSizeInBits = 0;
key_block_params.ulKeySizeInBits = 0;
key_block_params.ulIVSizeInBits = 0;
@@ -6724,13 +6726,39 @@ tls(char *reqfn)
if (buf[0] == '[') {
if (strncmp(buf, "[TLS", 4) == 0) {
if (buf[7] == '0') {
+ /* CK_SSL3_MASTER_KEY_DERIVE_PARAMS is a subset of
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS and
+ * CK_SSL3_KEY_MAT_PARAMS is a subset of
+ * CK_TLS12_KEY_MAT_PARAMS. The latter params have
+ * an extra prfHashMechanism field at the end. */
master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+ master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
+ key_block_mech.ulParameterLen = sizeof(CK_SSL3_KEY_MAT_PARAMS);
} else if (buf[7] == '2') {
- master_mech.mechanism =
- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
- key_block_mech.mechanism =
- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ if (strncmp(&buf[10], "SHA-1", 5) == 0) {
+ master_params.prfHashMechanism = CKM_SHA_1;
+ key_block_params.prfHashMechanism = CKM_SHA_1;
+ } else if (strncmp(&buf[10], "SHA-224", 7) == 0) {
+ master_params.prfHashMechanism = CKM_SHA224;
+ key_block_params.prfHashMechanism = CKM_SHA224;
+ } else if (strncmp(&buf[10], "SHA-256", 7) == 0) {
+ master_params.prfHashMechanism = CKM_SHA256;
+ key_block_params.prfHashMechanism = CKM_SHA256;
+ } else if (strncmp(&buf[10], "SHA-384", 7) == 0) {
+ master_params.prfHashMechanism = CKM_SHA384;
+ key_block_params.prfHashMechanism = CKM_SHA384;
+ } else if (strncmp(&buf[10], "SHA-512", 7) == 0) {
+ master_params.prfHashMechanism = CKM_SHA512;
+ key_block_params.prfHashMechanism = CKM_SHA512;
+ } else {
+ fprintf(tlsresp, "ERROR: Unable to find prf Hash type");
+ goto loser;
+ }
+ master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE;
+ key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
+ master_mech.ulParameterLen = sizeof(master_params);
+ key_block_mech.ulParameterLen = sizeof(key_block_params);
} else {
fprintf(stderr, "Unknown TLS type %x\n",
(unsigned int)buf[0]);

4513
SOURCES/nss-ike-patch.patch Normal file
View File

File diff suppressed because it is too large Load Diff

127
SOURCES/nss-input-check.patch Normal file
View File

@ -0,0 +1,127 @@
# HG changeset patch
# User Martin Thomson <mt@lowentropy.net>
# Date 1560498951 0
# Fri Jun 14 07:55:51 2019 +0000
# Branch NSS_3_44_BRANCH
# Node ID fb9932d6e083322e7b5dfcd3d6e67477e0bb075a
# Parent 876bca2723a1f969422edc93e7504420d8331d3c
Bug 1515342 - More thorough input checking, r=jcj
All part of applying better discipline throughout.
Differential Revision: https://phabricator.services.mozilla.com/D33736
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -639,6 +639,11 @@ seckey_ExtractPublicKey(const CERTSubjec
return pubk;
break;
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ /* A basic sanity check on inputs. */
+ if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ break;
+ }
pubk->keyType = ecKey;
pubk->u.ec.size = 0;
diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -210,7 +210,8 @@ DH_Derive(SECItem *publicValue,
unsigned int len = 0;
unsigned int nb;
unsigned char *secret = NULL;
- if (!publicValue || !prime || !privateValue || !derivedSecret) {
+ if (!publicValue || !publicValue->len || !prime || !prime->len ||
+ !privateValue || !privateValue->len || !derivedSecret) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
--- a/lib/freebl/ec.c
+++ b/lib/freebl/ec.c
@@ -202,8 +202,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateK
#endif
MP_DIGITS(&k) = 0;
- if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) ||
- !ecParams->name) {
+ if (!ecParams || ecParams->name == ECCurve_noName ||
+ !privKey || !privKeyBytes || privKeyLen <= 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -391,7 +391,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateK
int len;
unsigned char *privKeyBytes = NULL;
- if (!ecParams) {
+ if (!ecParams || ecParams->name == ECCurve_noName || !privKey) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -430,7 +430,8 @@ EC_ValidatePublicKey(ECParams *ecParams,
mp_err err = MP_OKAY;
int len;
- if (!ecParams || !publicValue || !ecParams->name) {
+ if (!ecParams || ecParams->name == ECCurve_noName ||
+ !publicValue || !publicValue->len) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -536,8 +537,9 @@ ECDH_Derive(SECItem *publicValue,
int i;
#endif
- if (!publicValue || !ecParams || !privateValue || !derivedSecret ||
- !ecParams->name) {
+ if (!publicValue || !publicValue->len ||
+ !ecParams || ecParams->name == ECCurve_noName ||
+ !privateValue || !privateValue->len || !derivedSecret) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
diff --git a/lib/util/quickder.c b/lib/util/quickder.c
--- a/lib/util/quickder.c
+++ b/lib/util/quickder.c
@@ -757,6 +757,13 @@ DecodeItem(void* dest,
}
case SEC_ASN1_BIT_STRING: {
+ /* Can't be 8 or more spare bits, or any spare bits
+ * if there are no octets. */
+ if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ rv = SECFailure;
+ break;
+ }
/* change the length in the SECItem to be the number
of bits */
temp.len = (temp.len - 1) * 8 - (temp.data[0] & 0x7);
# HG changeset patch
# User Kevin Jacobs <kjacobs@mozilla.com>
# Date 1561145635 0
# Fri Jun 21 19:33:55 2019 +0000
# Branch NSS_3_44_BRANCH
# Node ID 416a8f7cf8986103b4d74694aac1198edbb08b3e
# Parent fb9932d6e083322e7b5dfcd3d6e67477e0bb075a
Bug 1515342 - Ignore spki decode failures on negative (expect_fail) tests. r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D35565
diff --git a/gtests/pk11_gtest/pk11_curve25519_unittest.cc b/gtests/pk11_gtest/pk11_curve25519_unittest.cc
--- a/gtests/pk11_gtest/pk11_curve25519_unittest.cc
+++ b/gtests/pk11_gtest/pk11_curve25519_unittest.cc
@@ -40,6 +40,9 @@ class Pkcs11Curve25519Test
ScopedCERTSubjectPublicKeyInfo certSpki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+ if (!expect_success && !certSpki) {
+ return;
+ }
ASSERT_TRUE(certSpki);
ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));

143
SOURCES/nss-leading-zero.patch Normal file
View File

@ -0,0 +1,143 @@
# HG changeset patch
# User Kevin Jacobs <kjacobs@mozilla.com>
# Date 1560499074 0
# Fri Jun 14 07:57:54 2019 +0000
# Branch NSS_3_44_BRANCH
# Node ID 876bca2723a1f969422edc93e7504420d8331d3c
# Parent 20671f860c2619dc27208d64a84a759fdffc5ed1
Bug 1540541 - Don't unnecessarily strip leading 0's from key material during PKCS11 import. r=jcj,mt
Differential Revision: https://phabricator.services.mozilla.com/D31671
diff --git a/lib/freebl/ecl/ecp_25519.c b/lib/freebl/ecl/ecp_25519.c
--- a/lib/freebl/ecl/ecp_25519.c
+++ b/lib/freebl/ecl/ecp_25519.c
@@ -114,6 +114,9 @@ ec_Curve25519_pt_mul(SECItem *X, SECItem
}
px = P->data;
}
+ if (k->len != 32) {
+ return SECFailure;
+ }
SECStatus rv = ec_Curve25519_mul(X->data, k->data, px);
if (NSS_SecureMemcmpZero(X->data, X->len) == 0) {
diff --git a/lib/pk11wrap/pk11akey.c b/lib/pk11wrap/pk11akey.c
--- a/lib/pk11wrap/pk11akey.c
+++ b/lib/pk11wrap/pk11akey.c
@@ -190,7 +190,6 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
attrs++;
PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
attrs++;
- signedattr = attrs;
PK11_SETATTRS(attrs, CKA_EC_PARAMS,
pubKey->u.ec.DEREncodedParams.data,
pubKey->u.ec.DEREncodedParams.len);
@@ -222,12 +221,14 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
PORT_SetError(SEC_ERROR_BAD_KEY);
return CK_INVALID_HANDLE;
}
-
templateCount = attrs - theTemplate;
- signedcount = attrs - signedattr;
PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE)));
- for (attrs = signedattr; signedcount; attrs++, signedcount--) {
- pk11_SignedToUnsigned(attrs);
+ if (pubKey->keyType != ecKey) {
+ PORT_Assert(signedattr);
+ signedcount = attrs - signedattr;
+ for (attrs = signedattr; signedcount; attrs++, signedcount--) {
+ pk11_SignedToUnsigned(attrs);
+ }
}
rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
templateCount, isToken, &objectID);
@@ -1074,9 +1075,13 @@ pk11_loadPrivKeyWithFlags(PK11SlotInfo *
&cktrue, &ckfalse);
/* Not everyone can handle zero padded key values, give
- * them the raw data as unsigned */
- for (ap = attrs; extra_count; ap++, extra_count--) {
- pk11_SignedToUnsigned(ap);
+ * them the raw data as unsigned. The exception is EC,
+ * where the values are encoded or zero-preserving
+ * per-RFC5915 */
+ if (privKey->keyType != ecKey) {
+ for (ap = attrs; extra_count; ap++, extra_count--) {
+ pk11_SignedToUnsigned(ap);
+ }
}
/* now Store the puppies */
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -184,7 +184,9 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERT
SECKEY_DestroyPublicKey(pubKey);
return PR_FALSE;
}
- pk11_SignedToUnsigned(&theTemplate);
+ if (pubKey->keyType != ecKey) {
+ pk11_SignedToUnsigned(&theTemplate);
+ }
if (pk11_FindObjectByTemplate(slot, &theTemplate, 1) != CK_INVALID_HANDLE) {
SECKEY_DestroyPublicKey(pubKey);
return PR_TRUE;
diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c
--- a/lib/pk11wrap/pk11pk12.c
+++ b/lib/pk11wrap/pk11pk12.c
@@ -505,7 +505,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotI
}
PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
attrs++;
- signedattr = attrs;
+ /* No signed attrs for EC */
/* curveOID always is a copy of AlgorithmID.parameters. */
PK11_SETATTRS(attrs, CKA_EC_PARAMS, lpk->u.ec.curveOID.data,
lpk->u.ec.curveOID.len);
@@ -523,11 +523,12 @@ PK11_ImportAndReturnPrivateKey(PK11SlotI
}
templateCount = attrs - theTemplate;
PORT_Assert(templateCount <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE));
- PORT_Assert(signedattr != NULL);
- signedcount = attrs - signedattr;
-
- for (ap = signedattr; signedcount; ap++, signedcount--) {
- pk11_SignedToUnsigned(ap);
+ if (lpk->keyType != ecKey) {
+ PORT_Assert(signedattr);
+ signedcount = attrs - signedattr;
+ for (ap = signedattr; signedcount; ap++, signedcount--) {
+ pk11_SignedToUnsigned(ap);
+ }
}
rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION,
diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -950,9 +950,9 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPr
case CKA_UNWRAP:
return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
case CKA_VALUE:
- return lg_CopyPrivAttrSigned(attribute, type,
- key->u.ec.privateValue.data,
- key->u.ec.privateValue.len, sdbpw);
+ return lg_CopyPrivAttribute(attribute, type,
+ key->u.ec.privateValue.data,
+ key->u.ec.privateValue.len, sdbpw);
case CKA_EC_PARAMS:
return lg_CopyAttributeSigned(attribute, type,
key->u.ec.ecParams.DEREncoding.data,
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -7747,7 +7747,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
withCofactor, &tmp);
- PORT_Free(ecScalar.data);
+ PORT_ZFree(ecScalar.data, ecScalar.len);
ecScalar.data = NULL;
if (privKey != sourceKey->objectInfo) {
nsslowkey_DestroyPrivateKey(privKey);

35
SOURCES/nss-module-leak.patch Normal file
View File

@ -0,0 +1,35 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1557150127 -7200
# Mon May 06 15:42:07 2019 +0200
# Node ID 438ac983bda9ec7944990d22a37877e9111caa90
# Parent b018f3e84d87cce99a1fd81feeecb31123058687
pk11slot: reference module from slot for finalization
diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -1439,6 +1439,11 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
slot->slotID = slotID;
slot->isThreadSafe = mod->isThreadSafe;
slot->hasRSAInfo = PR_FALSE;
+ slot->module = mod; /* NOTE: we don't make a reference here because
+ * modules have references to their slots. This
+ * works because modules keep implicit references
+ * from their slots, and won't unload and disappear
+ * until all their slots have been freed */
if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID, &slotInfo) != CKR_OK) {
slot->disabled = PR_TRUE;
@@ -1448,11 +1453,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
/* test to make sure claimed mechanism work */
slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
- slot->module = mod; /* NOTE: we don't make a reference here because
- * modules have references to their slots. This
- * works because modules keep implicit references
- * from their slots, and won't unload and disappear
- * until all their slots have been freed */
(void)PK11_MakeString(NULL, slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);

24
SOURCES/nss-mpi-loop.patch Normal file
View File

@ -0,0 +1,24 @@
# HG changeset patch
# User Greg Rubin <rubin@amazon.com>
# Date 1558464083 25200
# Tue May 21 11:41:23 2019 -0700
# Branch NSS_3_44_BRANCH
# Node ID 1eac9016c021055018389a5cb117678ecc61782a
# Parent 416a8f7cf8986103b4d74694aac1198edbb08b3e
Bug 1554336 - Optimize away unneeded loop in mpi.c r=kevinjacobs,jcj
diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c
--- a/lib/freebl/mpi/mpi.c
+++ b/lib/freebl/mpi/mpi.c
@@ -2063,7 +2063,10 @@ s_mp_almost_inverse(const mp_int *a, con
}
}
if (res >= 0) {
- while (MP_SIGN(c) != MP_ZPOS) {
+ if (mp_cmp_mag(c, p) >= 0) {
+ MP_CHECKOK(mp_div(c, p, NULL, c));
+ }
+ if (MP_SIGN(c) != MP_ZPOS) {
MP_CHECKOK(mp_add(c, p, c));
}
res = k;

4
SOURCES/nss-p11-kit.config Normal file
View File

@ -0,0 +1,4 @@
name=p11-kit-proxy
library=p11-kit-proxy.so

96
SOURCES/nss-post-handshake-auth-with-tickets.patch Normal file
View File

@ -0,0 +1,96 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1559121620 -7200
# Wed May 29 11:20:20 2019 +0200
# Node ID 29a48b604602a523defd6f9322a5adeca7e284a5
# Parent 43a7fb4f994a31222c308113b0fccdd5480d5b8e
Bug 1553443, send session ticket only after handshake is marked as finished
Reviewers: mt
Reviewed By: mt
Bug #: 1553443
Differential Revision: https://phabricator.services.mozilla.com/D32128
diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -537,6 +537,40 @@ TEST_F(TlsConnectStreamTls13, PostHandsh
capture_cert_req->buffer().len()));
}
+// Check if post-handshake auth still works when session tickets are enabled:
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
+ EnsureTlsSetup();
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(0U, called);
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
+ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(1U, called);
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
// In TLS 1.3, the client sends its cert rejection on the
// second flight, and since it has already received the
// server's Finished, it transitions to complete and
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -4561,6 +4561,11 @@ tls13_ServerHandleFinished(sslSocket *ss
return SECFailure;
}
+ rv = tls13_FinishHandshake(ss);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+
ssl_GetXmitBufLock(ss);
if (ss->opt.enableSessionTickets) {
rv = tls13_SendNewSessionTicket(ss, NULL, 0);
@@ -4573,8 +4578,7 @@ tls13_ServerHandleFinished(sslSocket *ss
}
}
ssl_ReleaseXmitBufLock(ss);
-
- return tls13_FinishHandshake(ss);
+ return SECSuccess;
loser:
ssl_ReleaseXmitBufLock(ss);
diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
--- a/tests/ssl/sslauth.txt
+++ b/tests/ssl/sslauth.txt
@@ -42,6 +42,7 @@
noECC 0 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
noECC 1 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
+ noECC 0 -r_-r_-r_-E_-u -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth)
#
# Use EC cert for client authentication
#

11
SOURCES/nss-skip-sysinit-gtests.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up nss/gtests/manifest.mn.skip-sysinit-gtests nss/gtests/manifest.mn
--- nss/gtests/manifest.mn.skip-sysinit-gtests 2019-04-26 12:55:05.979302035 +0200
+++ nss/gtests/manifest.mn 2019-04-26 12:55:09.507228984 +0200
@@ -27,7 +27,6 @@ NSS_SRCDIRS = \
smime_gtest \
softoken_gtest \
ssl_gtest \
- $(SYSINIT_GTEST) \
nss_bogo_shim \
$(NULL)
endif

27
SOURCES/nss-skip-tls13-fips.patch Normal file
View File

@ -0,0 +1,27 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1558341826 -7200
# Mon May 20 10:43:46 2019 +0200
# Node ID b447f0046807b718d2928d0e33313620d38a287a
# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e
tests: skip TLS 1.3 tests under FIPS mode
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -393,6 +393,15 @@ ssl_auth()
echo "${testname}" | grep "TLS 1.3" > /dev/null
TLS13=$?
+ # Currently TLS 1.3 tests are known to fail under FIPS mode,
+ # because HKDF is implemented using the PKCS #11 functions
+ # prohibited under FIPS mode.
+ if [ "${TLS13}" -eq 0 ] && \
+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
+ continue
+ fi
+
if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then

116
SOURCES/nss-softokn-config.in Normal file
View File

@ -0,0 +1,116 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
softokn3 - Requires full dynamic linking
freebl3 - for internal use only (and glibc for self-integrity check)
nssdbm3 - for internal use only
Dymamically linked
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-softokn`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-softokn`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
echo $libdirs
fi

18
SOURCES/nss-softokn-dracut-module-setup.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
check() {
return 255
}
depends() {
return 0
}
install() {
local _dir
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
libfreebl3.so
}

3
SOURCES/nss-softokn-dracut.conf Normal file
View File

@ -0,0 +1,3 @@
# turn on nss-softokn module
add_dracutmodules+=" nss-softokn "

1148
SOURCES/nss-softokn-fips-update.patch Normal file
View File

File diff suppressed because it is too large Load Diff

11
SOURCES/nss-softokn.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-SOFTOKN
Description: Network Security Services Softoken PKCS #11 Module
Version: %SOFTOKEN_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
Cflags: -I${includedir}

106
SOURCES/nss-sysinit-userdb.patch Normal file
View File

@ -0,0 +1,106 @@
Index: nss/lib/sysinit/nsssysinit.c
===================================================================
--- nss.orig/lib/sysinit/nsssysinit.c
+++ nss/lib/sysinit/nsssysinit.c
@@ -36,41 +36,9 @@ testdir(char *dir)
return S_ISDIR(buf.st_mode);
}
-/**
- * Append given @dir to @path and creates the directory with mode @mode.
- * Returns 0 if successful, -1 otherwise.
- * Assumes that the allocation for @path has sufficient space for @dir
- * to be added.
- */
-static int
-appendDirAndCreate(char *path, char *dir, mode_t mode)
-{
- PORT_Strcat(path, dir);
- if (!testdir(path)) {
- if (mkdir(path, mode)) {
- return -1;
- }
- }
- return 0;
-}
-
-#define XDG_NSS_USER_PATH1 "/.local"
-#define XDG_NSS_USER_PATH2 "/share"
-#define XDG_NSS_USER_PATH3 "/pki"
-
#define NSS_USER_PATH1 "/.pki"
#define NSS_USER_PATH2 "/nssdb"
-
-/**
- * Return the path to user's NSS database.
- * We search in the following dirs in order:
- * (1) $HOME/.pki/nssdb;
- * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
- * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
- * If (1) does not exist, then the returned dir will be set to either
- * (2) or (3), depending if XDG_DATA_HOME is set.
- */
-char *
+static char *
getUserDB(void)
{
char *userdir = PR_GetEnvSecure("HOME");
@@ -81,47 +49,22 @@ getUserDB(void)
}
nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
+ if (nssdir == NULL) {
+ return NULL;
+ }
PORT_Strcpy(nssdir, userdir);
- PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2);
- if (testdir(nssdir)) {
- /* $HOME/.pki/nssdb exists */
- return nssdir;
- } else {
- /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */
+ /* verify it exists */
+ if (!testdir(nssdir)) {
PORT_Free(nssdir);
- }
- int size = 0;
- char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME");
- if (xdguserdatadir) {
- size = strlen(xdguserdatadir);
- } else {
- size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2);
- }
- size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2);
-
- nssdir = PORT_Alloc(size);
- if (nssdir == NULL) {
return NULL;
}
-
- if (xdguserdatadir) {
- PORT_Strcpy(nssdir, xdguserdatadir);
- if (!testdir(nssdir)) {
- PORT_Free(nssdir);
- return NULL;
- }
-
- } else {
- PORT_Strcpy(nssdir, userdir);
- if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) ||
- appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) {
- PORT_Free(nssdir);
- return NULL;
- }
+ PORT_Strcat(nssdir, NSS_USER_PATH1);
+ if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+ PORT_Free(nssdir);
+ return NULL;
}
- /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */
- if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) ||
- appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) {
+ PORT_Strcat(nssdir, NSS_USER_PATH2);
+ if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
PORT_Free(nssdir);
return NULL;
}

118
SOURCES/nss-util-config.in Normal file
View File

@ -0,0 +1,118 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-util-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nssutil
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-util`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-util`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi

11
SOURCES/nss-util.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-UTIL
Description: Network Security Services Utility Library
Version: %NSSUTIL_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lnssutil3
Cflags: -I${includedir}

11
SOURCES/nss.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lssl3 -lsmime3 -lnss3
Cflags: -I${includedir}

56
SOURCES/pkcs11.txt.xml Normal file
View File

@ -0,0 +1,56 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="pkcs11.txt">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>pkcs11.txt</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>pkcs11.txt</refname>
<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para>
The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
</para>
<para>
For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

14
SOURCES/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch Normal file
View File

@ -0,0 +1,14 @@
diff -up nss/lib/ssl/ssl3con.c.1185708_3des nss/lib/ssl/ssl3con.c
--- nss/lib/ssl/ssl3con.c.1185708_3des 2018-12-11 18:28:06.736592552 +0100
+++ nss/lib/ssl/ssl3con.c 2018-12-11 18:29:06.273314692 +0100
@@ -106,8 +106,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},

68
SOURCES/setup-nsssysinit.sh Executable file
View File

@ -0,0 +1,68 @@
#!/bin/sh
#
# Turns on or off the nss-sysinit module db by editing the
# global PKCS #11 congiguration file. Displays the status.
#
# This script can be invoked by the user as super user.
# It is invoked at nss-sysinit post install time with argument on.
#
usage()
{
cat <<EOF
Usage: setup-nsssysinit [on|off]
on - turns on nsssysinit
off - turns off nsssysinit
status - reports whether nsssysinit is turned on or off
EOF
exit $1
}
# validate
if [ $# -eq 0 ]; then
usage 1 1>&2
fi
# the system-wide configuration file
p11conf="/etc/pki/nssdb/pkcs11.txt"
# must exist, otherwise report it and exit with failure
if [ ! -f $p11conf ]; then
echo "Could not find ${p11conf}"
exit 1
fi
# check if nsssysinit is currently enabled or disabled
sysinit_enabled()
{
grep -q '^library=libnsssysinit' ${p11conf}
}
umask 022
case "$1" in
on | ON )
if sysinit_enabled; then
exit 0
fi
cat ${p11conf} | \
sed -e 's/^library=$/library=libnsssysinit.so/' \
-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
${p11conf}.on
mv ${p11conf}.on ${p11conf}
;;
off | OFF )
if ! sysinit_enabled; then
exit 0
fi
cat ${p11conf} | \
sed -e 's/^library=libnsssysinit.so/library=/' \
-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
${p11conf}.off
mv ${p11conf}.off ${p11conf}
;;
status )
echo -n 'NSS sysinit is '
sysinit_enabled && echo 'enabled' || echo 'disabled'
;;
* )
usage 1 1>&2
;;
esac

5
SOURCES/system-pkcs11.txt Normal file
View File

@ -0,0 +1,5 @@
library=libnsssysinit.so
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

2334
SPECS/nss.spec Normal file
View File

File diff suppressed because it is too large Load Diff