rpms/nss
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import nss-3.44.0-15.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-07-28 08:32:53 -04:00 committed by Stepan Oksanichenko
parent 2f9926f1ba
commit fa8cce37ed
3 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SOURCES/nss-3.44-fix-cmac-alignment-crash.patch Normal file
View File

@ -0,0 +1,45 @@
diff --git a/lib/freebl/cmac.c b/lib/freebl/cmac.c
--- a/lib/freebl/cmac.c
+++ b/lib/freebl/cmac.c
@@ -22,7 +22,7 @@
* add a new Context pointer to the cipher union with the correct type. */
CMACCipher cipherType;
union {
- AESContext aes;
+ AESContext *aes;
} cipher;
int blockSize;
@@ -62,7 +62,7 @@
{
if (ctx->cipherType == CMAC_AES) {
unsigned int tmpOutputLen;
- SECStatus rv = AES_Encrypt(&ctx->cipher.aes, output, &tmpOutputLen,
+ SECStatus rv = AES_Encrypt(ctx->cipher.aes, output, &tmpOutputLen,
ctx->blockSize, input, inputLen);
/* Assumption: AES_Encrypt (when in ECB mode) always returns an
@@ -156,8 +156,9 @@
ctx->blockSize = AES_BLOCK_SIZE;
ctx->cipherType = CMAC_AES;
- if (AES_InitContext(&ctx->cipher.aes, key, key_len, NULL, NSS_AES, 1,
- ctx->blockSize) != SECSuccess) {
+ ctx->cipher.aes = AES_CreateContext(key, NULL, NSS_AES, 1, key_len,
+ ctx->blockSize);
+ if (ctx->cipher.aes == NULL) {
return SECFailure;
}
@@ -308,8 +309,8 @@
return;
}
- if (ctx->cipherType == CMAC_AES) {
- AES_DestroyContext(&ctx->cipher.aes, PR_FALSE);
+ if (ctx->cipherType == CMAC_AES && ctx->cipher.aes != NULL) {
+ AES_DestroyContext(ctx->cipher.aes, PR_TRUE);
}
/* Destroy everything in the context. This includes sensitive data in

15
SOURCES/nss-3.44-fix-swapped-cmac.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
--- a/lib/util/pkcs11t.h
+++ b/lib/util/pkcs11t.h
@@ -898,8 +898,8 @@
#define CKM_AES_CCM 0x00001088
#define CKM_AES_CTS 0x00001089
/* AES-CMAC values copied from v2.40 errata 1 header file */
-#define CKM_AES_CMAC_GENERAL 0x0000108A
-#define CKM_AES_CMAC 0x0000108B
+#define CKM_AES_CMAC 0x0000108A
+#define CKM_AES_CMAC_GENERAL 0x0000108B
#define CKM_AES_XCBC_MAC 0x0000108C
#define CKM_AES_XCBC_MAC_96 0x0000108D

10
SPECS/nss.spec
View File

@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: %{nss_version} Version: %{nss_version}
Release: 14%{?dist} Release: 15%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version} Requires: nspr >= %{nspr_version}
@ -154,6 +154,10 @@ Patch216: nss-3.44-kbkdf.patch
Patch217: nss-3.44-kbkdf-update.patch Patch217: nss-3.44-kbkdf-update.patch
Patch218: nss-3.44-encrypt-update.patch Patch218: nss-3.44-encrypt-update.patch
Patch219: nss-3.44-kbkdf-coverity.patch Patch219: nss-3.44-kbkdf-coverity.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1611209
Patch220: nss-3.44-fix-swapped-cmac.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1610687
Patch221: nss-3.44-fix-cmac-alignment-crash.patch
%description %description
@ -928,6 +932,10 @@ update-crypto-policies --no-reload &> /dev/null || :
%changelog %changelog
* Fri Jan 31 2020 Bob Relyea <rrelyea@redhat.com> - 3.44.0-15
- Fix swapped CMAC PKCS #11 values.
- Fix data alignment crash in CMAC.
* Tue Dec 3 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-14 * Tue Dec 3 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-14
- Fix coverify scan issue - Fix coverify scan issue