Resolves: rhbz#2228556
- add indicators for pbkdf2 - add camellia to pkcs12 doc files - fix ems policy bug - disable ech
This commit is contained in:
parent
1ad49057af
commit
b14469dd76
@ -14,9 +14,13 @@ typedef enum {
|
||||
SFTKFIPSDH, /* allow only specific primes */
|
||||
SFTKFIPSECC, /* not just keys but specific curves */
|
||||
SFTKFIPSAEAD, /* single shot AEAD functions not allowed in FIPS mode */
|
||||
SFTKFIPSRSAPSS
|
||||
SFTKFIPSRSAPSS, /* make sure salt isn't too big */
|
||||
SFTKFIPSPBKDF2 /* handle pbkdf2 FIPS restrictions */
|
||||
} SFTKFIPSSpecialClass;
|
||||
|
||||
/* set according to your security policy */
|
||||
#define SFTKFIPS_PBKDF2_MIN_PW_LEN 7
|
||||
|
||||
typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList;
|
||||
struct SFTKFIPSAlgorithmListStr {
|
||||
CK_MECHANISM_TYPE type;
|
||||
@ -163,6 +167,6 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
|
||||
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_NSS_IKE_PRF_DERIVE, { 112, 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
/* ------------------ PBE Key Derivations ------------------- */
|
||||
{ CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSPBKDF2 },
|
||||
};
|
||||
const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);
|
||||
|
20
nss-3.71-camellia-pkcs12-doc.patch
Normal file
20
nss-3.71-camellia-pkcs12-doc.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -up ./doc/pk12util.xml.camellia ./doc/pk12util.xml
|
||||
--- ./doc/pk12util.xml.camellia 2022-01-26 09:46:39.794919455 -0800
|
||||
+++ ./doc/pk12util.xml 2022-01-26 09:54:58.277019760 -0800
|
||||
@@ -317,7 +317,7 @@ Certificate Friendly Name: Thawte Fre
|
||||
|
||||
<refsection id="encryption">
|
||||
<title>Password Encryption</title>
|
||||
- <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
|
||||
+ <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
|
||||
<para>The private key is always protected with strong encryption by default.</para>
|
||||
<para>Several types of ciphers are supported.</para>
|
||||
<variablelist>
|
||||
@@ -327,6 +327,7 @@ Certificate Friendly Name: Thawte Fre
|
||||
<listitem>
|
||||
<itemizedlist>
|
||||
<listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
|
||||
+ <listitem><para>PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme (<userinput>"CAMELLIA-128-CBC"</userinput>, <userinput>"CAMELLIA-192-CBC"</userinput>, and <userinput>"CAMELLIA-256-CBC"</userinput>)</para></listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
</varlistentry>
|
@ -53,7 +53,7 @@ diff -up ./lib/ssl/ssl3con.c.add_ems_policy ./lib/ssl/ssl3con.c
|
||||
+ rv = NSS_GetAlgorithmPolicy(SEC_OID_TLS_REQUIRE_EMS, &policy);
|
||||
+ /* we only look at the policy if we can fetch it. */
|
||||
+ if (rv == SECSuccess) {
|
||||
+ if (policy & NSS_USE_POLICY_IN_SSL) {
|
||||
+ if (policy & NSS_USE_ALG_IN_SSL_KX) {
|
||||
+ /* just set the error, we don't want to map any errors
|
||||
+ * set by NSS_GetAlgorithmPolicy here */
|
||||
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
|
||||
|
96
nss-3.90-disable-ech.patch
Normal file
96
nss-3.90-disable-ech.patch
Normal file
@ -0,0 +1,96 @@
|
||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
--- a/lib/ssl/sslsock.c
|
||||
+++ b/lib/ssl/sslsock.c
|
||||
@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f
|
||||
}
|
||||
PORT_Free(cursor);
|
||||
}
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled)
|
||||
{
|
||||
+#ifdef notdef
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
return SECFailure;
|
||||
}
|
||||
ss->opt.enableTls13GreaseEch = enabled;
|
||||
return SECSuccess;
|
||||
+#else
|
||||
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
||||
+ return SECFailure;
|
||||
+#endif
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
|
||||
{
|
||||
+#ifdef notdef
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss || size == 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
ssl_Get1stHandshakeLock(ss);
|
||||
ssl_GetSSL3HandshakeLock(ss);
|
||||
|
||||
ss->ssl3.hs.greaseEchSize = size;
|
||||
|
||||
ssl_ReleaseSSL3HandshakeLock(ss);
|
||||
ssl_Release1stHandshakeLock(ss);
|
||||
|
||||
return SECSuccess;
|
||||
+#else
|
||||
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
||||
+ return SECFailure;
|
||||
+#endif
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled)
|
||||
{
|
||||
+#ifdef notdef
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
return SECFailure;
|
||||
}
|
||||
ss->opt.enableTls13BackendEch = enabled;
|
||||
return SECSuccess;
|
||||
+#else
|
||||
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
||||
+ return SECFailure;
|
||||
+#endif
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled)
|
||||
{
|
||||
+#ifdef notdef
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
return SECFailure;
|
||||
}
|
||||
ss->opt.callExtensionWriterOnEchInner = enabled;
|
||||
return SECSuccess;
|
||||
+#else
|
||||
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
|
||||
+ return SECFailure;
|
||||
+#endif
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled)
|
||||
{
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
return SECFailure;
|
||||
diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn
|
||||
--- ./gtests/ssl_gtest/manifest.mn.disable_ech 2023-06-21 19:02:02.160400997 +0200
|
||||
+++ ./gtests/ssl_gtest/manifest.mn 2023-06-21 19:02:18.226618324 +0200
|
||||
@@ -57,7 +57,6 @@ CPPSRCS = \
|
||||
tls_filter.cc \
|
||||
tls_protect.cc \
|
||||
tls_psk_unittest.cc \
|
||||
- tls_ech_unittest.cc \
|
||||
$(SSLKEYLOGFILE_FILES) \
|
||||
$(NULL)
|
42
nss-3.90-pbkdf2-indicator.patch
Normal file
42
nss-3.90-pbkdf2-indicator.patch
Normal file
@ -0,0 +1,42 @@
|
||||
diff -up ./lib/softoken/pkcs11u.c.pkcs12_indicator ./lib/softoken/pkcs11u.c
|
||||
--- ./lib/softoken/pkcs11u.c.pkcs12_indicator 2023-08-03 10:50:37.067109367 -0700
|
||||
+++ ./lib/softoken/pkcs11u.c 2023-08-03 11:41:55.641541953 -0700
|
||||
@@ -2429,7 +2429,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
return PR_FALSE;
|
||||
case SFTKFIPSECC:
|
||||
/* we've already handled the curve selection in the 'getlength'
|
||||
- * function */
|
||||
+ * function */
|
||||
return PR_TRUE;
|
||||
case SFTKFIPSAEAD: {
|
||||
if (mech->ulParameterLen == 0) {
|
||||
@@ -2463,6 +2463,29 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
}
|
||||
return PR_TRUE;
|
||||
}
|
||||
+ case SFTKFIPSPBKDF2: {
|
||||
+ /* PBKDF2 must have the following addition restrictions
|
||||
+ * (independent of keysize).
|
||||
+ * 1. iteration count must be at least 1000.
|
||||
+ * 2. salt must be at least 128 bits (16 bytes).
|
||||
+ * 3. password must match the length specified in the SP
|
||||
+ */
|
||||
+ CK_PKCS5_PBKD2_PARAMS *pbkdf2 = (CK_PKCS5_PBKD2_PARAMS *)
|
||||
+ mech->pParameter;
|
||||
+ if (mech->ulParameterLen != sizeof(*pbkdf2)) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+ if (pbkdf2->iterations < 1000) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+ if (pbkdf2->ulSaltSourceDataLen < 16) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+ if (*(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+ return PR_TRUE;
|
||||
+ }
|
||||
default:
|
||||
break;
|
||||
}
|
17
nss.spec
17
nss.spec
@ -63,7 +63,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: 1%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}%{nspr_release}
|
||||
@ -158,6 +158,8 @@ Patch50: nss-3.66-restore-old-pkcs12-default.patch
|
||||
Patch51: nss-3.79-revert-distrusted-certs.patch
|
||||
# Local Patch: update fipsdefaults to AES
|
||||
Patch52: nss-3.79-pkcs12-fips-defaults.patch
|
||||
Patch53: nss-3.71-camellia-pkcs12-doc.patch
|
||||
Patch54: nss-3.90-disable-ech.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1774659
|
||||
Patch57: nss-3.79-dbtool.patch
|
||||
@ -167,6 +169,7 @@ Patch61: nss-3.79-fips-review.patches
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
|
||||
Patch62: nss-3.90-DisablingASM.patch
|
||||
Patch63: nss-3.90-no-dbm-25519.patch
|
||||
Patch64: nss-3.90-pbkdf2-indicator.patch
|
||||
|
||||
#ems policy. needs to upstream
|
||||
Patch70: nss-3.90-add-ems-policy.patch
|
||||
@ -952,6 +955,18 @@ update-crypto-policies --no-reload &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Aug 3 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-3
|
||||
- add indicators for pbkdf2
|
||||
- add camellia to pkcs12 doc files
|
||||
- fix ems policy bug
|
||||
- disable ech
|
||||
|
||||
* Thu Jul 27 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-2
|
||||
- fix the change log
|
||||
|
||||
* Thu Jul 27 2023 Bob Relyea <rrelyea@redhat.com> - 3.90.0-1
|
||||
- rebase to NSS 3.90
|
||||
|
||||
* Wed Mar 8 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-11
|
||||
- Fix CVE-2023-0767
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user