diff --git a/fips_algorithms.h b/fips_algorithms.h
index 6526ec7..80d7dcd 100644
--- a/fips_algorithms.h
+++ b/fips_algorithms.h
@@ -14,9 +14,13 @@ typedef enum {
 SFTKFIPSDH, /* allow only specific primes */
 SFTKFIPSECC, /* not just keys but specific curves */
 SFTKFIPSAEAD, /* single shot AEAD functions not allowed in FIPS mode */
- SFTKFIPSRSAPSS
+ SFTKFIPSRSAPSS, /* make sure salt isn't too big */
+ SFTKFIPSPBKDF2 /* handle pbkdf2 FIPS restrictions */
 } SFTKFIPSSpecialClass;
+/* set according to your security policy */
+#define SFTKFIPS_PBKDF2_MIN_PW_LEN 7
+
 typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList;
 struct SFTKFIPSAlgorithmListStr {
 CK_MECHANISM_TYPE type;
@@ -163,6 +167,6 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
 { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
 { CKM_NSS_IKE_PRF_DERIVE, { 112, 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
 /* ------------------ PBE Key Derivations ------------------- */
- { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSPBKDF2 },
 };
 const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);
diff --git a/nss-3.71-camellia-pkcs12-doc.patch b/nss-3.71-camellia-pkcs12-doc.patch
new file mode 100644
index 0000000..f14b5a9
--- /dev/null
+++ b/nss-3.71-camellia-pkcs12-doc.patch
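Review bot: `SFTKFIPS_PBKDF2_MIN_PW_LEN 7` is introduced with only `/* set according to your security policy */`, which leaves both its unit and its origin undocumented; the one consumer added in this same commit compares it against `*(pbkdf2->ulPasswordLen)`, which PKCS#11 defines as a byte length, so a password in a multi-byte encoding can satisfy the check with fewer than seven characters. I would replace the comment with `/* Minimum PBKDF2 password length in BYTES (compared against *ulPasswordLen in sftk_handleSpecial); set per the FIPS security policy / SP 800-132 claim, not a character count */`. Likewise `SFTKFIPSPBKDF2 /* handle pbkdf2 FIPS restrictions */` should name where those restrictions live (`sftk_handleSpecial`, case SFTKFIPSPBKDF2) so the enum and the check do not drift apart.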
@@ -0,0 +1,20 @@ +diff -up ./doc/pk12util.xml.camellia ./doc/pk12util.xml +--- ./doc/pk12util.xml.camellia 2022-01-26 09:46:39.794919455 -0800 ++++ ./doc/pk12util.xml 2022-01-26 09:54:58.277019760 -0800 +@@ -317,7 +317,7 @@ Certificate Friendly Name: Thawte Fre + + + Password Encryption +- PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. ++ PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. + The private key is always protected with strong encryption by default. + Several types of ciphers are supported. + +@@ -327,6 +327,7 @@ Certificate Friendly Name: Thawte Fre + + + PBES2 with AES-CBC-Pad as underlying encryption scheme ("AES-128-CBC", "AES-192-CBC", and "AES-256-CBC") ++ PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme ("CAMELLIA-128-CBC", "CAMELLIA-192-CBC", and "CAMELLIA-256-CBC") + + + diff --git a/nss-3.90-add-ems-policy.patch b/nss-3.90-add-ems-policy.patch index 1d475b5..18739d9 100644 --- a/nss-3.90-add-ems-policy.patch +++ b/nss-3.90-add-ems-policy.patch 
@@ -53,7 +53,7 @@ diff -up ./lib/ssl/ssl3con.c.add_ems_policy ./lib/ssl/ssl3con.c
 + rv = NSS_GetAlgorithmPolicy(SEC_OID_TLS_REQUIRE_EMS, &policy);
 + /* we only look at the policy if we can fetch it. */
 + if (rv == SECSuccess) {
-+ if (policy & NSS_USE_POLICY_IN_SSL) {
++ if (policy & NSS_USE_ALG_IN_SSL_KX) {
 + /* just set the error, we don't want to map any errors
 + * set by NSS_GetAlgorithmPolicy here */
 + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
diff --git a/nss-3.90-disable-ech.patch b/nss-3.90-disable-ech.patch
new file mode 100644
index 0000000..eee8c39
--- /dev/null
+++ b/nss-3.90-disable-ech.patch
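Review bot: The corrected test `if (policy & NSS_USE_ALG_IN_SSL_KX)` carries no explanation of why the key-exchange bit is the one that represents the require-EMS policy, which is exactly the confusion that produced the `NSS_USE_POLICY_IN_SSL` bug this hunk fixes; add a why-comment above it, e.g. `/* SEC_OID_TLS_REQUIRE_EMS is a pseudo-algorithm; the policy loader presumably expresses "require EMS" by setting its SSL key-exchange bit, not NSS_USE_POLICY_IN_SSL — confirm against the policy parser */`. Note also that the surrounding `rv == SECSuccess` guard (context, not changed here) means an absent or unfetchable policy OID silently drops the EMS requirement; if that fail-open is intended, the existing "we only look at the policy if we can fetch it" comment should say so explicitly. The enclosing function begins and ends outside this hunk.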
@@ -0,0 +1,96 @@
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f
+ }
+ PORT_Free(cursor);
+ }
+ }
+
+ SECStatus
+ SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled)
+ {
++#ifdef notdef
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+ ss->opt.enableTls13GreaseEch = enabled;
+ return SECSuccess;
++#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
++#endif
+ }
+
+ SECStatus
+ SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
+ {
++#ifdef notdef
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss || size == 0) {
+ return SECFailure;
+ }
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ ss->ssl3.hs.greaseEchSize = size;
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
++#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
++#endif
+ }
+
+ SECStatus
+ SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled)
+ {
++#ifdef notdef
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+ ss->opt.enableTls13BackendEch = enabled;
+ return SECSuccess;
++#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
++#endif
+ }
+
+ SECStatus
+ SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled)
+ {
++#ifdef notdef
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+ ss->opt.callExtensionWriterOnEchInner = enabled;
+ return SECSuccess;
++#else
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+ return SECFailure;
++#endif
+ }
+
+ SECStatus
+ SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled)
+ {
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn
+--- 
./gtests/ssl_gtest/manifest.mn.disable_ech 2023-06-21 19:02:02.160400997 +0200
++++ ./gtests/ssl_gtest/manifest.mn 2023-06-21 19:02:18.226618324 +0200
+@@ -57,7 +57,6 @@ CPPSRCS = \
+ tls_filter.cc \
+ tls_protect.cc \
+ tls_psk_unittest.cc \
+- tls_ech_unittest.cc \
+ $(SSLKEYLOGFILE_FILES) \
+ $(NULL)
diff --git a/nss-3.90-pbkdf2-indicator.patch b/nss-3.90-pbkdf2-indicator.patch
new file mode 100644
index 0000000..dbb7765
--- /dev/null
+++ b/nss-3.90-pbkdf2-indicator.patch
@@ -0,0 +1,42 @@
+diff -up ./lib/softoken/pkcs11u.c.pkcs12_indicator ./lib/softoken/pkcs11u.c
+--- ./lib/softoken/pkcs11u.c.pkcs12_indicator 2023-08-03 10:50:37.067109367 -0700
++++ ./lib/softoken/pkcs11u.c 2023-08-03 11:41:55.641541953 -0700
+@@ -2429,7 +2429,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
+ return PR_FALSE;
+ case SFTKFIPSECC:
+ /* we've already handled the curve selection in the 'getlength'
+- * function */
++ * function */
+ return PR_TRUE;
+ case SFTKFIPSAEAD: {
+ if (mech->ulParameterLen == 0) {
+@@ -2463,6 +2463,29 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
+ }
+ return PR_TRUE;
+ }
++ case SFTKFIPSPBKDF2: {
++ /* PBKDF2 must have the following addition restrictions
++ * (independent of keysize).
++ * 1. iteration count must be at least 1000.
++ * 2. salt must be at least 128 bits (16 bytes).
++ * 3. password must match the length specified in the SP
++ */
++ CK_PKCS5_PBKD2_PARAMS *pbkdf2 = (CK_PKCS5_PBKD2_PARAMS *)
++ mech->pParameter;
++ if (mech->ulParameterLen != sizeof(*pbkdf2)) {
++ return PR_FALSE;
++ }
++ if (pbkdf2->iterations < 1000) {
++ return PR_FALSE;
++ }
++ if (pbkdf2->ulSaltSourceDataLen < 16) {
++ return PR_FALSE;
++ }
++ if (*(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) {
++ return PR_FALSE;
++ }
++ return PR_TRUE;
++ }
+ default:
+ break;
+ }
diff --git a/nss.spec b/nss.spec
index 004e529..1f73285 100644
--- a/nss.spec
+++ b/nss.spec
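Review bot: Stubbing the four `SSLExp_*Ech*` setters under `#ifdef notdef` does not by itself turn ECH off: nothing in this patch touches the code that installs ECH configs on a socket or the handshake paths that read `ss->opt.enableTls13GreaseEch` / `enableTls13BackendEch` / `callExtensionWriterOnEchInner`, so those options still exist with whatever defaults they are initialised to elsewhere; if the intent is "ECH disabled" rather than "experimental knobs removed", confirm the config-install entry points are covered, and say which of the two is meant in a comment above the first `#ifdef notdef`. Dropping `tls_ech_unittest.cc` from the build also deletes the only coverage that would catch the opposite regression; a short gtest asserting each stub returns SECFailure with `SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API` would be cheaper than losing it. Style: `#ifdef notdef` keeps dead code around with no greppable reason; `#ifdef NSS_ENABLE_ECH` (or `#if 0 /* ECH disabled downstream: <bug> */`) makes the intent visible. `SSLExp_SetDtls13VersionWorkaround` at the end of the hunk continues outside it.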
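Review bot: `*(pbkdf2->ulPasswordLen)` dereferences the caller-supplied `CK_ULONG_PTR` with no NULL check — the parameter block was validated only for `ulParameterLen == sizeof(*pbkdf2)`, so a malformed `CK_PKCS5_PBKD2_PARAMS` with a NULL `ulPasswordLen` (or a NULL `mech->pParameter` of the right length, unless a caller already rejects that) crashes the token instead of being refused; change the test to `if (pbkdf2->ulPasswordLen == NULL || *(pbkdf2->ulPasswordLen) < SFTKFIPS_PBKDF2_MIN_PW_LEN) { return PR_FALSE; }`. The salt check looks only at `ulSaltSourceDataLen` and does not confirm the PKCS#11 salt source is `CKZ_SALT_SPECIFIED` with a non-NULL salt pointer, and the `prf` field is not restricted to an approved HMAC; if those are enforced in the derive path rather than here, the comment block should say so, since this case is what the FIPS indicator reports on. Minor: "addition restrictions" should read "additional restrictions", and `sftk_handleSpecial`, which encloses this case, begins and ends outside the hunk.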
@@ -63,7 +63,7 @@ print(string.sub(hash, 0, 16)) Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 1%{?dist} +Release: 3%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version}%{nspr_release} @@ -158,6 +158,8 @@ Patch50: nss-3.66-restore-old-pkcs12-default.patch Patch51: nss-3.79-revert-distrusted-certs.patch # Local Patch: update fipsdefaults to AES Patch52: nss-3.79-pkcs12-fips-defaults.patch +Patch53: nss-3.71-camellia-pkcs12-doc.patch +Patch54: nss-3.90-disable-ech.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1774659 Patch57: nss-3.79-dbtool.patch @@ -167,6 +169,7 @@ Patch61: nss-3.79-fips-review.patches # https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 Patch62: nss-3.90-DisablingASM.patch Patch63: nss-3.90-no-dbm-25519.patch +Patch64: nss-3.90-pbkdf2-indicator.patch #ems policy. needs to upstream Patch70: nss-3.90-add-ems-policy.patch @@ -952,6 +955,18 @@ update-crypto-policies --no-reload &> /dev/null || : %changelog +* Thu Aug 3 2023 Bob Relyea - 3.90.0-3 +- add indicators for pbkdf2 +- add camellia to pkcs12 doc files +- fix ems policy bug +- disable ech + +* Thu Jul 27 2023 Bob Relyea - 3.90.0-2 +- fix the change log + +* Thu Jul 27 2023 Bob Relyea - 3.90.0-1 +- rebase to NSS 3.90 + * Wed Mar 8 2023 Bob Relyea - 3.79.0-11 - Fix CVE-2023-0767