Resolves: rhbz#2228556

- add indicators for pbkdf2
- add camellia to pkcs12 doc files
- fix ems policy bug
- disable ech
Robert Relyea 2023-08-05 20:07:42 -07:00
parent 1ad49057af
commit b14469dd76
6 changed files with 181 additions and 4 deletions


@ -14,9 +14,13 @@ typedef enum {
SFTKFIPSDH, /* allow only specific primes */
SFTKFIPSECC, /* not just keys but specific curves */
SFTKFIPSAEAD, /* single shot AEAD functions not allowed in FIPS mode */
SFTKFIPSRSAPSS
SFTKFIPSRSAPSS, /* make sure salt isn't too big */
SFTKFIPSPBKDF2 /* handle pbkdf2 FIPS restrictions */
} SFTKFIPSSpecialClass;
/* set according to your security policy */
#define SFTKFIPS_PBKDF2_MIN_PW_LEN 7
typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList;
struct SFTKFIPSAlgorithmListStr {
CK_MECHANISM_TYPE type;
@ -163,6 +167,6 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_NSS_IKE_PRF_DERIVE, { 112, 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
/* ------------------ PBE Key Derivations ------------------- */
{ CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSPBKDF2 },
};
const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);
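Review bot: The new `SFTKFIPS_PBKDF2_MIN_PW_LEN` at the `#define` line is documented only as "set according to your security policy", which leaves its unit and where it is enforced unstated for whoever later tunes it. I would expand the comment to `/* minimum PBKDF2 password length accepted as FIPS-approved, in bytes as counted by CK_PKCS5_PBKD2_PARAMS.ulPasswordLen; checked in the SFTKFIPSPBKDF2 case of sftk_handleSpecial() */`. The `SFTKFIPSPBKDF2` enumerator comment could likewise name the three conditions it stands for (iteration count, salt length, password length) so the header agrees with the check that consumes it. The enum begins before this hunk's first line.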


@ -0,0 +1,20 @@
diff -up ./doc/pk12util.xml.camellia ./doc/pk12util.xml
--- ./doc/pk12util.xml.camellia 2022-01-26 09:46:39.794919455 -0800
+++ ./doc/pk12util.xml 2022-01-26 09:54:58.277019760 -0800
@@ -317,7 +317,7 @@ Certificate Friendly Name: Thawte Fre
<refsection id="encryption">
<title>Password Encryption</title>
- <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
+ <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
<para>The private key is always protected with strong encryption by default.</para>
<para>Several types of ciphers are supported.</para>
<variablelist>
@@ -327,6 +327,7 @@ Certificate Friendly Name: Thawte Fre
<listitem>
<itemizedlist>
<listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
+ <listitem><para>PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme (<userinput>"CAMELLIA-128-CBC"</userinput>, <userinput>"CAMELLIA-192-CBC"</userinput>, and <userinput>"CAMELLIA-256-CBC"</userinput>)</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>


@ -53,7 +53,7 @@ diff -up ./lib/ssl/ssl3con.c.add_ems_policy ./lib/ssl/ssl3con.c
+ rv = NSS_GetAlgorithmPolicy(SEC_OID_TLS_REQUIRE_EMS, &policy);
+ /* we only look at the policy if we can fetch it. */
+ if (rv == SECSuccess) {
+ if (policy & NSS_USE_POLICY_IN_SSL) {
+ if (policy & NSS_USE_ALG_IN_SSL_KX) {
+ /* just set the error, we don't want to map any errors
+ * set by NSS_GetAlgorithmPolicy here */
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
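Review bot: Whichever of the two adjacent `if (policy & …)` lines is the one kept (this rendering has dropped the outer +/- markers, so the side of `NSS_USE_POLICY_IN_SSL` versus `NSS_USE_ALG_IN_SSL_KX` is not visible here), the retained check carries no comment saying which bit of the SEC_OID_TLS_REQUIRE_EMS policy value means "EMS must be negotiated", while the surrounding comments explain only the `rv` test and the error mapping. Since the wrong bit here silently turns the EMS requirement into a no-op, a one-line comment such as `/* <flag> on SEC_OID_TLS_REQUIRE_EMS: policy requires EMS, so refuse a handshake that did not negotiate it */` above the condition would make the fix reviewable. The enclosing function of this patch hunk starts and ends outside the shown lines.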


@ -0,0 +1,96 @@
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f
}
PORT_Free(cursor);
}
}
SECStatus
SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled)
{
+#ifdef notdef
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
}
ss->opt.enableTls13GreaseEch = enabled;
return SECSuccess;
+#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
+#endif
}
SECStatus
SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
{
+#ifdef notdef
sslSocket *ss = ssl_FindSocket(fd);
if (!ss || size == 0) {
return SECFailure;
}
ssl_Get1stHandshakeLock(ss);
ssl_GetSSL3HandshakeLock(ss);
ss->ssl3.hs.greaseEchSize = size;
ssl_ReleaseSSL3HandshakeLock(ss);
ssl_Release1stHandshakeLock(ss);
return SECSuccess;
+#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
+#endif
}
SECStatus
SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled)
{
+#ifdef notdef
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
}
ss->opt.enableTls13BackendEch = enabled;
return SECSuccess;
+#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
+#endif
}
SECStatus
SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled)
{
+#ifdef notdef
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
}
ss->opt.callExtensionWriterOnEchInner = enabled;
return SECSuccess;
+#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
+#endif
}
SECStatus
SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn
--- ./gtests/ssl_gtest/manifest.mn.disable_ech 2023-06-21 19:02:02.160400997 +0200
+++ ./gtests/ssl_gtest/manifest.mn 2023-06-21 19:02:18.226618324 +0200
@@ -57,7 +57,6 @@ CPPSRCS = \
tls_filter.cc \
tls_protect.cc \
tls_psk_unittest.cc \
- tls_ech_unittest.cc \
$(SSLKEYLOGFILE_FILES) \
$(NULL)
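Review bot: Guarding the bodies of SSLExp_EnableTls13GreaseEch, SSLExp_SetTls13GreaseEchSize, SSLExp_EnableTls13BackendEch and SSLExp_CallExtensionWriterOnEchInner with `#ifdef notdef` removes the setters but leaves the corresponding `ss->opt` fields at whatever `ssl_defaults` initializes them to, so callers lose the ability to change those options rather than the behaviour being switched off; if either `enableTls13GreaseEch` or `enableTls13BackendEch` defaults to PR_TRUE elsewhere in sslsock.c, this patch does not disable it, which is worth confirming against the commit message's "disable ech". The entry points that install ECH configs (the SetClientEchConfigs/SetServerEchConfigs family) are not touched by this patch either, so whether ECH negotiation itself is off depends on code outside it. `notdef` is an unnamed convention; `#if 0` or a project macro would state the intent, and in the `#else` branches `fd`, `enabled` and `size` are now unused, so `(void)fd;`-style casts are needed if the build warns on unused parameters.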


@ -0,0 +1,42 @@
diff -up ./lib/softoken/pkcs11u.c.pkcs12_indicator ./lib/softoken/pkcs11u.c
--- ./lib/softoken/pkcs11u.c.pkcs12_indicator 2023-08-03 10:50:37.067109367 -0700
+++ ./lib/softoken/pkcs11u.c 2023-08-03 11:41:55.641541953 -0700
@@ -2429,7 +2429,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
return PR_FALSE;
case SFTKFIPSECC:
/* we've already handled the curve selection in the 'getlength'
- * function */
+ * function */
return PR_TRUE;
case SFTKFIPSAEAD: {
if (mech->ulParameterLen == 0) {
@@ -2463,6 +2463,29 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
}
return PR_TRUE;
}
+ case SFTKFIPSPBKDF2: {
+ /* PBKDF2 must have the following addition restrictions
+ * (independent of keysize).
+ * 1. iteration count must be at least 1000.
+ * 2. salt must be at least 128 bits (16 bytes).
+ * 3. password must match the length specified in the SP
+ */
+ CK_PKCS5_PBKD2_PARAMS *pbkdf2 = (CK_PKCS5_PBKD2_PARAMS *)
+ mech->pParameter;
+ if (mech->ulParameterLen != sizeof(*pbkdf2)) {
+ return PR_FALSE;
+ }
+ if (pbkdf2->iterations < 1000) {
+ return PR_FALSE;
+ }
+ if (pbkdf2->ulSaltSourceDataLen < 16) {
+ return PR_FALSE;
+ }
+ if (*(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) {
+ return PR_FALSE;
+ }
+ return PR_TRUE;
+ }
default:
break;
}
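Review bot: In the new `SFTKFIPSPBKDF2` case, `*(pbkdf2->ulPasswordLen)` dereferences a `CK_ULONG_PTR` field without checking it, so a caller that passes a correctly sized `CK_PKCS5_PBKD2_PARAMS` with a NULL `ulPasswordLen` (or a NULL `pParameter` with the right length) faults inside the FIPS indicator instead of being reported as non-approved; every other field in the case is validated before use. I would make the cast guard `if (mech->pParameter == NULL || mech->ulParameterLen != sizeof(*pbkdf2))` and the last test `if (pbkdf2->ulPasswordLen == NULL || *(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN)`. The salt check reads only `ulSaltSourceDataLen`, so it presumes `saltSource` is CKZ_SALT_SPECIFIED; a comment saying so, or a check of `saltSource`, would document that approval condition. sftk_handleSpecial starts and ends outside this hunk.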


@ -63,7 +63,7 @@ print(string.sub(hash, 0, 16))
Summary: Network Security Services
Name: nss
Version: %{nss_version}
Release: 1%{?dist}
Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version}%{nspr_release}
@ -158,6 +158,8 @@ Patch50: nss-3.66-restore-old-pkcs12-default.patch
Patch51: nss-3.79-revert-distrusted-certs.patch
# Local Patch: update fipsdefaults to AES
Patch52: nss-3.79-pkcs12-fips-defaults.patch
Patch53: nss-3.71-camellia-pkcs12-doc.patch
Patch54: nss-3.90-disable-ech.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1774659
Patch57: nss-3.79-dbtool.patch
@ -167,6 +169,7 @@ Patch61: nss-3.79-fips-review.patches
# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
Patch62: nss-3.90-DisablingASM.patch
Patch63: nss-3.90-no-dbm-25519.patch
Patch64: nss-3.90-pbkdf2-indicator.patch
#ems policy. needs to upstream
Patch70: nss-3.90-add-ems-policy.patch
@ -952,6 +955,18 @@ update-crypto-policies --no-reload &> /dev/null || :
%changelog
* Thu Aug 3 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-3
- add indicators for pbkdf2
- add camellia to pkcs12 doc files
- fix ems policy bug
- disable ech
* Thu Jul 27 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-2
- fix the change log
* Thu Jul 27 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-1
- rebase to NSS 3.90
* Wed Mar 8 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-11
- Fix CVE-2023-0767
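Review bot: Patch53, Patch54 and Patch64 are declared in the header hunks, but no hunk in this section adds a matching `%patch` application, so unless %prep applies the list with %autopatch/%autosetup (not visible here) the three new patches would be declared yet never applied, and the build would still succeed without them. Worth confirming against the %prep section; if it uses explicit `%patch -P N` lines, the corresponding three need adding. The rest of the section is a Release bump and changelog.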