File nss-fips-ecdsa-kat.patch of Package mozilla-nss.6304

Overview Repositories Revisions Requests Users Attributes Meta

File nss-fips-ecdsa-kat.patch of Package mozilla-nss.6304

From 776e07881ef04506c1ddfb4aa0cd7327cb6f0b75 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@suse.com>
Date: Sun, 17 Sep 2017 19:22:02 +0200
Subject: [PATCH 3/6] Make ECDSA KAT FIPS compliant (use SHA-2 for digest).
 Also enable the KAT along with ECC.

---
 nss/lib/freebl/fipsfreebl.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c
index 804589d..143d9c9 100644
--- a/nss/lib/freebl/fipsfreebl.c
+++ b/nss/lib/freebl/fipsfreebl.c
@@ -15,7 +15,7 @@
 #include "secerr.h"
 #include "prtypes.h"
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 #include "ec.h" /* Required for ECDSA */
 #endif
 
@@ -1077,7 +1077,7 @@ rsa_loser:
     return (SECFailure);
 }
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 
 static SECStatus
 freebl_fips_ECDSA_Test(ECParams *ecparams,
@@ -1097,7 +1097,7 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
         "Firefox and ThunderBird are awesome!"
     };
 
-    unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
+    unsigned char sha224[SHA224_LENGTH]; /* SHA-224 hash (224 bits) */
     unsigned char sig[2 * MAX_ECKEY_LEN];
     SECItem signature, digest;
     ECPrivateKey *ecdsa_private_key = NULL;
@@ -1139,13 +1139,13 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
     /* ECDSA Single-Round Known Answer Signature Test. */
     /***************************************************/
 
-    ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
+    ecdsaStatus = SHA224_HashBuf(sha224, msg, sizeof msg);
     if (ecdsaStatus != SECSuccess) {
         goto loser;
     }
     digest.type = siBuffer;
-    digest.data = sha1;
-    digest.len = SHA1_LENGTH;
+    digest.data = sha224;
+    digest.len = SHA224_LENGTH;
 
     memset(sig, 0, sizeof sig);
     signature.type = siBuffer;
@@ -1253,10 +1253,10 @@ freebl_fips_ECDSA_PowerUpSelfTest()
         0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
         0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
         0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
-        0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1,
-        0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd,
-        0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b,
-        0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75
+        0x84, 0x72, 0xa4, 0x1c, 0xac, 0x99, 0xf9, 0x0d,
+        0xe6, 0x75, 0xf2, 0x32, 0x91, 0xab, 0x99, 0x57,
+        0xe5, 0x75, 0x7b, 0x86, 0x57, 0x18, 0x6b, 0xbe,
+        0x37, 0xaa, 0xe8, 0xea, 0x36, 0x66, 0xaa, 0xeb
     };
 
     ECParams ecparams;
@@ -1275,7 +1275,7 @@ freebl_fips_ECDSA_PowerUpSelfTest()
     return (SECSuccess);
 }
 
-#endif /* NSS_ENABLE_ECC */
+#endif /* !NSS_DISABLE_ECC */
 
 static SECStatus
 freebl_fips_DSA_PowerUpSelfTest(void)
@@ -1594,7 +1594,7 @@ freebl_fipsPowerUpSelfTest(unsigned int tests)
         if (rv != SECSuccess)
             return rv;
 
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
         /* ECDSA Power-Up SelfTest(s). */
         rv = freebl_fips_ECDSA_PowerUpSelfTest();
 
-- 
2.12.0

Places

File nss-fips-ecdsa-kat.patch of Package mozilla-nss.6304

Places