import nss-3.44.0-15.el8
This commit is contained in:
parent
2f9926f1ba
commit
fa8cce37ed
45
SOURCES/nss-3.44-fix-cmac-alignment-crash.patch
Normal file
45
SOURCES/nss-3.44-fix-cmac-alignment-crash.patch
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
diff --git a/lib/freebl/cmac.c b/lib/freebl/cmac.c
|
||||||
|
--- a/lib/freebl/cmac.c
|
||||||
|
+++ b/lib/freebl/cmac.c
|
||||||
|
@@ -22,7 +22,7 @@
|
||||||
|
* add a new Context pointer to the cipher union with the correct type. */
|
||||||
|
CMACCipher cipherType;
|
||||||
|
union {
|
||||||
|
- AESContext aes;
|
||||||
|
+ AESContext *aes;
|
||||||
|
} cipher;
|
||||||
|
int blockSize;
|
||||||
|
|
||||||
|
@@ -62,7 +62,7 @@
|
||||||
|
{
|
||||||
|
if (ctx->cipherType == CMAC_AES) {
|
||||||
|
unsigned int tmpOutputLen;
|
||||||
|
- SECStatus rv = AES_Encrypt(&ctx->cipher.aes, output, &tmpOutputLen,
|
||||||
|
+ SECStatus rv = AES_Encrypt(ctx->cipher.aes, output, &tmpOutputLen,
|
||||||
|
ctx->blockSize, input, inputLen);
|
||||||
|
|
||||||
|
/* Assumption: AES_Encrypt (when in ECB mode) always returns an
|
||||||
|
@@ -156,8 +156,9 @@
|
||||||
|
|
||||||
|
ctx->blockSize = AES_BLOCK_SIZE;
|
||||||
|
ctx->cipherType = CMAC_AES;
|
||||||
|
- if (AES_InitContext(&ctx->cipher.aes, key, key_len, NULL, NSS_AES, 1,
|
||||||
|
- ctx->blockSize) != SECSuccess) {
|
||||||
|
+ ctx->cipher.aes = AES_CreateContext(key, NULL, NSS_AES, 1, key_len,
|
||||||
|
+ ctx->blockSize);
|
||||||
|
+ if (ctx->cipher.aes == NULL) {
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -308,8 +309,8 @@
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (ctx->cipherType == CMAC_AES) {
|
||||||
|
- AES_DestroyContext(&ctx->cipher.aes, PR_FALSE);
|
||||||
|
+ if (ctx->cipherType == CMAC_AES && ctx->cipher.aes != NULL) {
|
||||||
|
+ AES_DestroyContext(ctx->cipher.aes, PR_TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Destroy everything in the context. This includes sensitive data in
|
||||||
|
|
15
SOURCES/nss-3.44-fix-swapped-cmac.patch
Normal file
15
SOURCES/nss-3.44-fix-swapped-cmac.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
|
||||||
|
--- a/lib/util/pkcs11t.h
|
||||||
|
+++ b/lib/util/pkcs11t.h
|
||||||
|
@@ -898,8 +898,8 @@
|
||||||
|
#define CKM_AES_CCM 0x00001088
|
||||||
|
#define CKM_AES_CTS 0x00001089
|
||||||
|
/* AES-CMAC values copied from v2.40 errata 1 header file */
|
||||||
|
-#define CKM_AES_CMAC_GENERAL 0x0000108A
|
||||||
|
-#define CKM_AES_CMAC 0x0000108B
|
||||||
|
+#define CKM_AES_CMAC 0x0000108A
|
||||||
|
+#define CKM_AES_CMAC_GENERAL 0x0000108B
|
||||||
|
#define CKM_AES_XCBC_MAC 0x0000108C
|
||||||
|
#define CKM_AES_XCBC_MAC_96 0x0000108D
|
||||||
|
|
||||||
|
|
@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -154,6 +154,10 @@ Patch216: nss-3.44-kbkdf.patch
|
|||||||
Patch217: nss-3.44-kbkdf-update.patch
|
Patch217: nss-3.44-kbkdf-update.patch
|
||||||
Patch218: nss-3.44-encrypt-update.patch
|
Patch218: nss-3.44-encrypt-update.patch
|
||||||
Patch219: nss-3.44-kbkdf-coverity.patch
|
Patch219: nss-3.44-kbkdf-coverity.patch
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1611209
|
||||||
|
Patch220: nss-3.44-fix-swapped-cmac.patch
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1610687
|
||||||
|
Patch221: nss-3.44-fix-cmac-alignment-crash.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -928,6 +932,10 @@ update-crypto-policies --no-reload &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 31 2020 Bob Relyea <rrelyea@redhat.com> - 3.44.0-15
|
||||||
|
- Fix swapped CMAC PKCS #11 values.
|
||||||
|
- Fix data alignment crash in CMAC.
|
||||||
|
|
||||||
* Tue Dec 3 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-14
|
* Tue Dec 3 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-14
|
||||||
- Fix coverify scan issue
|
- Fix coverify scan issue
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user