File nss-fips-ecdsa-kat.patch of Package mozilla-nss.6304
From 776e07881ef04506c1ddfb4aa0cd7327cb6f0b75 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@suse.com>
Date: Sun, 17 Sep 2017 19:22:02 +0200
Subject: [PATCH 3/6] Make ECDSA KAT FIPS compliant (use SHA-2 for digest).
Also enable the KAT along with ECC.
---
nss/lib/freebl/fipsfreebl.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c
index 804589d..143d9c9 100644
--- a/nss/lib/freebl/fipsfreebl.c
+++ b/nss/lib/freebl/fipsfreebl.c
@@ -15,7 +15,7 @@
#include "secerr.h"
#include "prtypes.h"
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
#include "ec.h" /* Required for ECDSA */
#endif
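Review bot: Flipping the guard from `#ifdef NSS_ENABLE_ECC` to `#ifndef NSS_DISABLE_ECC` makes the ECDSA self-test build by default, which is only correct if every other ECC guard in freebl and the build files also keys on `NSS_DISABLE_ECC`; the patch does not show that. The same flip is made around `freebl_fips_ECDSA_Test`, at its closing `#endif`, and at the call in `freebl_fipsPowerUpSelfTest`, so a leftover `NSS_ENABLE_ECC` elsewhere would leave part of the test compiled out without any warning. The call-site hunk ends on `rv = freebl_fips_ECDSA_PowerUpSelfTest();`, so confirm it is followed by `if (rv != SECSuccess) return rv;` as for the preceding test. I would also add a comment at this first guard, `/* ECDSA KAT is built whenever ECC is, i.e. unless NSS_DISABLE_ECC is defined */`.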
@@ -1077,7 +1077,7 @@ rsa_loser:
return (SECFailure);
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
static SECStatus
freebl_fips_ECDSA_Test(ECParams *ecparams,
@@ -1097,7 +1097,7 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
"Firefox and ThunderBird are awesome!"
};
- unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
+ unsigned char sha224[SHA224_LENGTH]; /* SHA-224 hash (224 bits) */
unsigned char sig[2 * MAX_ECKEY_LEN];
SECItem signature, digest;
ECPrivateKey *ecdsa_private_key = NULL;
@@ -1139,13 +1139,13 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
/* ECDSA Single-Round Known Answer Signature Test. */
/***************************************************/
- ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
+ ecdsaStatus = SHA224_HashBuf(sha224, msg, sizeof msg);
if (ecdsaStatus != SECSuccess) {
goto loser;
}
digest.type = siBuffer;
- digest.data = sha1;
- digest.len = SHA1_LENGTH;
+ digest.data = sha224;
+ digest.len = SHA224_LENGTH;
memset(sig, 0, sizeof sig);
signature.type = siBuffer;
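Review bot: The choice of SHA-224 is not explained, and its 112-bit security strength is below that of a 256-bit curve. If the `ecparams` passed to `freebl_fips_ECDSA_Test` describe P-256 or larger (the callers are outside this hunk), `SHA256_HashBuf` with a `SHA256_LENGTH` buffer would match the key size, at the cost of regenerating the expected signature. If SHA-224 is intentional, say so above the call, e.g. `/* SHA-224: approved SHA-2 digest; the known-answer signature was generated with it */`. The buffer name `sha224` declared in the previous hunk ties the variable to one algorithm, and `digest_buf` would survive the next change. The function body starts and ends outside this hunk.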
@@ -1253,10 +1253,10 @@ freebl_fips_ECDSA_PowerUpSelfTest()
0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
- 0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1,
- 0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd,
- 0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b,
- 0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75
+ 0x84, 0x72, 0xa4, 0x1c, 0xac, 0x99, 0xf9, 0x0d,
+ 0xe6, 0x75, 0xf2, 0x32, 0x91, 0xab, 0x99, 0x57,
+ 0xe5, 0x75, 0x7b, 0x86, 0x57, 0x18, 0x6b, 0xbe,
+ 0x37, 0xaa, 0xe8, 0xea, 0x36, 0x66, 0xaa, 0xeb
};
ECParams ecparams;
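Review bot: The replaced expected bytes carry no record of how they were produced, so a later reader cannot tell a regenerated vector from a transcription error. Only the last four rows of the array change while the three rows above stay as context. That fits a signature whose first half depends only on a fixed nonce and whose second half depends on the digest, but this is inferred from the hunk, not stated in it. I would add a comment above the array (its declaration is outside this hunk) such as `/* Signature over SHA-224(msg); regenerate if the KAT digest changes */`. The new value should also be cross-checked against an independent ECDSA implementation before it is relied on as the known answer.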
@@ -1275,7 +1275,7 @@ freebl_fips_ECDSA_PowerUpSelfTest()
return (SECSuccess);
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* !NSS_DISABLE_ECC */
static SECStatus
freebl_fips_DSA_PowerUpSelfTest(void)
@@ -1594,7 +1594,7 @@ freebl_fipsPowerUpSelfTest(unsigned int tests)
if (rv != SECSuccess)
return rv;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* ECDSA Power-Up SelfTest(s). */
rv = freebl_fips_ECDSA_PowerUpSelfTest();
--
2.12.0