rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity
82 Commits 8 Branches 71 Tags 18 MiB
1bc01f4098
Commit Graph

82 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Relyea
1bc01f4098 Resolves: RHEL-127696 
- fix incomplete ml-kem pct patch.
 2026-01-23 09:48:27 -08:00
Robert Relyea
e57288c6ae Resolves: RHEL-127696 
- Fix regression in private key lifecycle
 2026-01-20 13:58:51 -08:00
Robert Relyea
ee702100d1 Resolves: RHEL-127696 
- fix a null in ml-dsa pkcs12 decode
- fix return code in ml-kem pct
 2026-01-12 08:32:50 -08:00
Robert Relyea
1b8abdc153 Resolves: RHEL-127696 
- fips update
 -   Fix indicators for the new post-quantum algorithms
 -   Fix the ML-KEM Self-tests
 -   Fix the ML-KEM zeroizaiton
 -   Add partial public validation before OAEP
- bug fixes
 -   add CKA_SEED to private attributes so they are updated on password change.
 -   mark CKA_PARAMETER_SET as CK_ULONG when storing into the database
 -   fix unrefrence read in leancrypto.
 2025-11-26 11:02:42 -08:00
Robert Relyea
8e8df8b196 Resolves: RHEL-103370 
- fix interface issue when pulling 3.0 pkcs#11 interfaces explicitly
 2025-08-07 12:58:21 -07:00
Robert Relyea
79c4ab2fd8 Resolves: RHEL-103370 
- restore CONCATENATE functions accidentally remvoed in the last patch
- fix big endian issue in tstclnt and selfserv in certificate compression
 2025-08-01 11:02:59 -07:00
Robert Relyea
9a73b38b2d Resolves: RHEL-103370 
- fix issues found by QE
  - fips changes
 2025-07-30 20:16:38 -07:00
Robert Relyea
af5bf173e1 Resolves: RHEL-103370 
Rebase NSS to nss-3.112 for Firefox in RHEL 9
 - add ml-dsa support
 - add mlkem1024 support in ssl
 2025-07-15 12:17:06 -07:00
Ondrej Moris
7c9e7708b3 Enable OSCI (RHEL-9) 
Signed-off-by: Ondrej Moris <omoris@redhat.com>
 2025-03-04 15:15:45 +01:00
Krenzelok Frantisek
0f76bd6054 Resolves: RHEL-61274 
Allow RSA-OAEP in Fips mode
Add the algorithms to fips_algorythms and add additional checks.

fix release number in changelog
 2024-11-18 12:18:55 +01:00
Krenzelok Frantisek
145f798e4c Resolves: RHEL-59582 2024-11-15 09:35:27 +01:00
Robert Relyea
e5a21dd021 Resolves: RHEL-61296 
+- fix shlibsign in FIPS mode
+- remove dbm from pkgconfig
 2024-11-05 16:58:08 -08:00
Robert Relyea
ae9a202e77 Resolves: RHEL-57300 
Fix ABI breakage in cms.
 2024-09-12 08:26:22 -07:00
Robert Relyea
4533aad28f Resolves: RHEL-46852 
Fix QE discovered issues:
    1) need parameter to test certificate compression in selfserv and
       tstclient.
    2) pkcs12 encoding for pbamac adding a spurious IV as a parameter
       instead of an NULL.
 2024-08-01 10:15:29 -07:00
Robert Relyea
973a7324f3 Related: RHEL-46852 
Fix chacha timing issue
 2024-07-25 18:22:11 -07:00
Robert Relyea
3769bf7f69 Related: RHEL-46852 
- Fix missing and inaccurate key length checks
 2024-07-25 14:16:05 -07:00
Robert Relyea
d8b27ada50 Related: RHEL-46852 
Fix the following problems with the rebase:
- Fix MD-5 decode issue in pkcs #12
- turn off policy processing for pkcs12 and smime
- restore the rhel9 pkcs12 defaults for pk12util
 2024-07-19 08:15:59 -07:00
Robert Relyea
c1408d7faa Resolves: RHEL-46852 
Rebase NSS to 3.101 for Firefox 128
 2024-07-10 13:28:29 -07:00
Krenzelok Frantisek
4f1878c47a Resolves: RHEL-32161 
Allow for shorter ecdsa signatures by padding them to full length
 2024-04-10 20:02:23 +02:00
Robert Relyea
f628c7a792 Related: RHEL-16653 
Fix ECC parameter DERwrapping that was broken by the minerva fixes.
 2024-01-24 08:49:08 -08:00
Robert Relyea
19e3cdb28c Resolves: RHEL-16653 
CVE-2023-6135 nss: vulnerable to Minerva side-channel information leak
 - Pick up validated constant time implementations of p256, p384, and p521
   from upsream
 - More Fips indicator changes
 2024-01-20 08:01:55 -08:00
Robert Relyea
78737bcfaa Resolves: RHEL-17216 
Incorporate Lab FIPS review requests.
 2023-12-05 09:30:31 -08:00
Robert Relyea
b604fc6eb5 Resolves: RHEL-15134 
CVE-2023-5388
nss: timing attack against RSA decryption.
Make the final blinding multmod constant time.
 2023-11-21 10:45:17 -08:00
Robert Relyea
2fef3aa45f Resolves: rhbz#2229399 
- add indicator for pbkdf
- fix ems policy bug
 2023-08-05 10:43:46 -07:00
Stanislav Zidek
ac0b8ce8dd Disable separate reporting of interop tests 
Otherwise, we would have to enumerate all the test plans
in `gating.yaml`. Without separate reporting, we could
simply use `osci.brew-build.tier0.functional`.

Related: rhbz#2209764
 2023-07-13 11:31:29 +02:00
Frantisek Krenzelok
b5cdb03af2
Increase the release number 
Related: rhbz#2211937

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
 2023-06-29 14:49:43 +02:00
Frantisek Krenzelok
6bbfd9e4ef
Add dist tag to packages version 
Related: rhbz#2211937

Packages lacked dist tag in their version tag after the
92cf70d

move `%patch<num>` from deprecate format to `%patch -P<num>`

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
 2023-06-28 17:06:00 +02:00
Robert Relyea
92cf70d178 Resolves: rhbz#2211937 
Rebase NSS to 3.90 for Firefox 115 ESR
Includes NSPR 4.35
 2023-06-22 08:21:33 +02:00
Alexander Sosedkin
f2db67545b delete tests/ 
The test directory seems to be inherited from Fedora.
The only test in there has become outdated.

Related: rhbz#2209764
 2023-05-25 16:50:18 +02:00
Peter Leitmann
9bb1bef019 Add new interop rpm-tmt-tests 2023-05-25 09:24:59 +00:00
Bob Relyea
7391e8d0cd Resolves: rhbz#2179385 
Make DH parameter processing in FIPS mode more strict.
Fix memory leak in dh keygen.
 2023-03-22 09:38:23 -07:00
Bob Relyea
2ed3d453e9 Related: rhbz#2174613 
Fix regression issue in FIPS mode. We need to return a non-locking return
code if the user supplied DH parameters are invalid, rather than a blocking
code we return if the underlying NSS math engine blows up.
 2023-03-16 12:53:52 -07:00
Bob Relyea
fe16df6b41 Related: rhbz#2176630 rhbz#2153473 rhbz#2174613 
Sync nss.spec with rhel-9.0.0 branch to match versioning.
 2023-03-15 10:36:00 -07:00
Bob Relyea
67466513bc Resolves: rhbz#2176630 rhbz#2153473 rhbz#2174613 
Fix CVE 2023-0767
Fix FIPS review comments.
 2023-03-11 11:19:28 -08:00
Bob Relyea
f445964895 Resolves: rhbz#2004545 rhbz#2122714 
- Update fips_algorithms.h to match the final FIPS requirements
    - Disable delegated credentials
 2022-09-08 08:56:38 -07:00
Bob Relyea
dcbd11ce7c Resolves: rhbz#2091905 
- remove OAEP from the fips indicator list
 2022-08-24 15:28:58 -07:00
Bob Relyea
cba98b139c Resolves: rhbz#2091905 
- More FIPS changes for FIPS 140-3
    -   drbg seeding fixes
    -   fips indicator fixes
- Fix regressions in pkcs12.
 2022-08-24 08:17:30 -07:00
Bob Relyea
09dd8eef9a Resolves: rhbz#2104703 
- more complete fix for the client auth crash
 2022-07-07 09:34:21 -07:00
Bob Relyea
590eee18a6 Related: rhbz#2097816 
- increase the pbe cache size
- remove debugging print from certmonder patch
 2022-06-22 13:59:47 -07:00
Bob Relyea
aef9d0723d Resolves: rhbz#2091905 rhbz#2098489 
- mark rsa 1023 as FIPS, reject RSA key sizes less than 1023.
- allow applications to rerun the POST arbitrarily (that is after dlopen).
 2022-06-21 12:21:13 -07:00
Bob Relyea
e6c0644902 Resolves: rhbz#2064360 
- resolve more regressions. selfserv no longer handles IPV4 when configured for IPV6.
 2022-06-14 18:50:06 -07:00
Bob Relyea
4d2d68aab9 Resolves: rhbz#2064360 
- Fix test case regressions in rebase
 2022-06-13 15:25:32 -07:00
Bob Relyea
328433776d Resolves: rhbz#2064360 
- fix coverity issues
 - add dbtool
 2022-06-10 16:51:19 -07:00
Bob Relyea
347b7343a5 Resolves: rhbz#2064360 
Rebase nss to 3.79, nspr to 4.34 for Firefox 102 ESR
 2022-06-02 11:14:49 -07:00
Bob Relyea
abcefb3fa4 Resolves: rhbz#2041832 
openssl pkcs12 unable to process nss pk12util generated pkcs12 file if its password length is >= 64 chars
 2022-02-16 12:55:59 -08:00
Bob Relyea
fd0aecc80b Resolves: rhbz#2039862 rhbz#1986987 
Turn on lto (fixing gtests issue with lto)
Fix pkcs12 man page to include changes made in that command.
 2022-01-27 08:09:17 -08:00
Robert Relyea
8857078930 Related: rhbz#2033309 2022-01-14 22:06:25 +00:00
Bob Relyea
79eaf96146 Resolves: rhbz#2033309 
Remove old db files and man pages
 2022-01-11 14:20:39 -08:00
Bob Relyea
34e9500654 Resolves: rhbz#2025362 
Fix CVE 2021-43527
 2021-12-01 11:54:49 -08:00
Bob Relyea
af61b61e84 Related: rhbz#2008320 
- Fix typo that prevented the validation program from building.
- add the validation program to nss-tools.
- Fix issue with NSS_FIPS_MODULE_ID where it wasn't detecting builds on RHEL9
 2021-10-19 20:11:17 -07:00