Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mozilla-nss.6304
nss-fips-ecdsa-kat.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-ecdsa-kat.patch of Package mozilla-nss.6304
From 776e07881ef04506c1ddfb4aa0cd7327cb6f0b75 Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson <hpj@suse.com> Date: Sun, 17 Sep 2017 19:22:02 +0200 Subject: [PATCH 3/6] Make ECDSA KAT FIPS compliant (use SHA-2 for digest). Also enable the KAT along with ECC. --- nss/lib/freebl/fipsfreebl.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c index 804589d..143d9c9 100644 --- a/nss/lib/freebl/fipsfreebl.c +++ b/nss/lib/freebl/fipsfreebl.c @@ -15,7 +15,7 @@ #include "secerr.h" #include "prtypes.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ec.h" /* Required for ECDSA */ #endif @@ -1077,7 +1077,7 @@ rsa_loser: return (SECFailure); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static SECStatus freebl_fips_ECDSA_Test(ECParams *ecparams, @@ -1097,7 +1097,7 @@ freebl_fips_ECDSA_Test(ECParams *ecparams, "Firefox and ThunderBird are awesome!" }; - unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */ + unsigned char sha224[SHA224_LENGTH]; /* SHA-224 hash (224 bits) */ unsigned char sig[2 * MAX_ECKEY_LEN]; SECItem signature, digest; ECPrivateKey *ecdsa_private_key = NULL; @@ -1139,13 +1139,13 @@ freebl_fips_ECDSA_Test(ECParams *ecparams, /* ECDSA Single-Round Known Answer Signature Test. */ /***************************************************/ - ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg); + ecdsaStatus = SHA224_HashBuf(sha224, msg, sizeof msg); if (ecdsaStatus != SECSuccess) { goto loser; } digest.type = siBuffer; - digest.data = sha1; - digest.len = SHA1_LENGTH; + digest.data = sha224; + digest.len = SHA224_LENGTH; memset(sig, 0, sizeof sig); signature.type = siBuffer; @@ -1253,10 +1253,10 @@ freebl_fips_ECDSA_PowerUpSelfTest() 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff, 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f, 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5, - 0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1, - 0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd, - 0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b, - 0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75 + 0x84, 0x72, 0xa4, 0x1c, 0xac, 0x99, 0xf9, 0x0d, + 0xe6, 0x75, 0xf2, 0x32, 0x91, 0xab, 0x99, 0x57, + 0xe5, 0x75, 0x7b, 0x86, 0x57, 0x18, 0x6b, 0xbe, + 0x37, 0xaa, 0xe8, 0xea, 0x36, 0x66, 0xaa, 0xeb }; ECParams ecparams; @@ -1275,7 +1275,7 @@ freebl_fips_ECDSA_PowerUpSelfTest() return (SECSuccess); } -#endif /* NSS_ENABLE_ECC */ +#endif /* !NSS_DISABLE_ECC */ static SECStatus freebl_fips_DSA_PowerUpSelfTest(void) @@ -1594,7 +1594,7 @@ freebl_fipsPowerUpSelfTest(unsigned int tests) if (rv != SECSuccess) return rv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDSA Power-Up SelfTest(s). */ rv = freebl_fips_ECDSA_PowerUpSelfTest(); -- 2.12.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor