File nss-fips-combined-hash-sign-dsa-ecdsa.patch of Package mozilla-nss.15194

commit c0ae706da7ce51b9585b0a35430a0efae446a981
Author: Hans Petter Jansson <hpj@cl.no>
Date:   Fri Apr 17 16:02:23 2020 +0200

    Add CKM_(EC)DSA_SHAxxx mechs.

diff --git a/nss/cmd/lib/pk11table.c b/nss/cmd/lib/pk11table.c
index ec5d889..d7b60e2 100644
--- a/nss/cmd/lib/pk11table.c
+++ b/nss/cmd/lib/pk11table.c
@@ -274,6 +274,10 @@ const Constant _consts[] = {
     mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
     mkEntry(CKM_DSA, Mechanism),
     mkEntry(CKM_DSA_SHA1, Mechanism),
+    mkEntry(CKM_DSA_SHA224, Mechanism),
+    mkEntry(CKM_DSA_SHA256, Mechanism),
+    mkEntry(CKM_DSA_SHA384, Mechanism),
+    mkEntry(CKM_DSA_SHA512, Mechanism),
     mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
     mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
     mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
@@ -439,6 +443,10 @@ const Constant _consts[] = {
     mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
     mkEntry(CKM_ECDSA, Mechanism),
     mkEntry(CKM_ECDSA_SHA1, Mechanism),
+    mkEntry(CKM_ECDSA_SHA224, Mechanism),
+    mkEntry(CKM_ECDSA_SHA256, Mechanism),
+    mkEntry(CKM_ECDSA_SHA384, Mechanism),
+    mkEntry(CKM_ECDSA_SHA512, Mechanism),
     mkEntry(CKM_ECDH1_DERIVE, Mechanism),
     mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
     mkEntry(CKM_ECMQV_DERIVE, Mechanism),
diff --git a/nss/lib/pk11wrap/debug_module.c b/nss/lib/pk11wrap/debug_module.c
index 59b89c3..74ed3c7 100644
--- a/nss/lib/pk11wrap/debug_module.c
+++ b/nss/lib/pk11wrap/debug_module.c
@@ -424,10 +424,18 @@ print_mechanism(CK_MECHANISM_PTR m)
         CASE(CKM_DSA_KEY_PAIR_GEN);
         CASE(CKM_DSA_PARAMETER_GEN);
         CASE(CKM_DSA_SHA1);
+        CASE(CKM_DSA_SHA224);
+        CASE(CKM_DSA_SHA256);
+        CASE(CKM_DSA_SHA384);
+        CASE(CKM_DSA_SHA512);
         CASE(CKM_ECDH1_COFACTOR_DERIVE);
         CASE(CKM_ECDH1_DERIVE);
         CASE(CKM_ECDSA);
         CASE(CKM_ECDSA_SHA1);
+        CASE(CKM_ECDSA_SHA224);
+        CASE(CKM_ECDSA_SHA256);
+        CASE(CKM_ECDSA_SHA384);
+        CASE(CKM_ECDSA_SHA512);
         CASE(CKM_ECMQV_DERIVE);
         CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
         CASE(CKM_EXTRACT_KEY_FROM_KEY);
diff --git a/nss/lib/pk11wrap/pk11mech.c b/nss/lib/pk11wrap/pk11mech.c
index cfbe45b..c7f5272 100644
--- a/nss/lib/pk11wrap/pk11mech.c
+++ b/nss/lib/pk11wrap/pk11mech.c
@@ -366,6 +366,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
             return CKK_RSA;
         case CKM_DSA:
         case CKM_DSA_SHA1:
+        case CKM_DSA_SHA224:
+        case CKM_DSA_SHA256:
+        case CKM_DSA_SHA384:
+        case CKM_DSA_SHA512:
         case CKM_DSA_KEY_PAIR_GEN:
             return CKK_DSA;
         case CKM_DH_PKCS_DERIVE:
@@ -376,6 +380,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
             return CKK_KEA;
         case CKM_ECDSA:
         case CKM_ECDSA_SHA1:
+        case CKM_ECDSA_SHA224:
+        case CKM_ECDSA_SHA256:
+        case CKM_ECDSA_SHA384:
+        case CKM_ECDSA_SHA512:
         case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
         case CKM_ECDH1_DERIVE:
             return CKK_EC; /* CKK_ECDSA is deprecated */
diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
index 05e3ac1..79f1a50 100644
--- a/nss/lib/softoken/pkcs11.c
+++ b/nss/lib/softoken/pkcs11.c
@@ -278,6 +278,10 @@ static const struct mechanismList mechanisms[] = {
     { CKM_DSA, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
     { CKM_DSA_PARAMETER_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE }, PR_TRUE },
     { CKM_DSA_SHA1, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    { CKM_DSA_SHA224, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    { CKM_DSA_SHA256, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    { CKM_DSA_SHA384, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    { CKM_DSA_SHA512, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
     /* -------------------- Diffie Hellman Operations --------------------- */
     /* no diffie hellman yet */
     { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE },
@@ -287,6 +291,10 @@ static const struct mechanismList mechanisms[] = {
     { CKM_ECDH1_DERIVE, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_DERIVE | CKF_EC_BPNU }, PR_TRUE },
     { CKM_ECDSA, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
     { CKM_ECDSA_SHA1, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA_SHA224, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA_SHA256, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA_SHA384, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA_SHA512, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
     /* ------------------------- RC2 Operations --------------------------- */
     { CKM_RC2_KEY_GEN, { 1, 128, CKF_GENERATE }, PR_TRUE },
     { CKM_RC2_ECB, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE },
diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c
index d7307cd..d700041 100644
--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -2473,6 +2473,36 @@ sftk_RSAHashSign(SFTKHashSignInfo *info, unsigned char *sig,
                         hash, hashLen);
 }
 
+static SECStatus
+sftk_DSAHashSign(SFTKHashSignInfo *info, unsigned char *sig,
+                 unsigned int *sigLen, unsigned int maxLen,
+                 const unsigned char *hash, unsigned int hashLen)
+{
+    PORT_Assert(info->key->keyType == NSSLOWKEYDSAKey);
+    if (info->key->keyType != NSSLOWKEYDSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return DSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen,
+                        hash, hashLen);
+}
+
+static SECStatus
+sftk_ECDSAHashSign(SFTKHashSignInfo *info, unsigned char *sig,
+                   unsigned int *sigLen, unsigned int maxLen,
+                   const unsigned char *hash, unsigned int hashLen)
+{
+    PORT_Assert(info->key->keyType == NSSLOWKEYECKey);
+    if (info->key->keyType != NSSLOWKEYECKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return ECDSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen,
+                          hash, hashLen);
+}
+
 /* XXX Old template; want to expunge it eventually. */
 static DERTemplate SECAlgorithmIDTemplate[] = {
     { DER_SEQUENCE,
@@ -2635,7 +2665,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen,
 static SECStatus
 nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
                   unsigned int *sigLen, unsigned int maxSigLen,
-                  void *dataBuf, unsigned int dataLen)
+                  const void *dataBuf, unsigned int dataLen)
 {
     SECItem signature, digest;
     SECStatus rv;
@@ -2653,6 +2683,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
     return rv;
 }
 
+SECStatus
+DSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+             unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+             const unsigned char *hash, unsigned int hashLen)
+{
+    SECStatus rv;
+
+    rv = nsc_DSA_Sign_Stub(key, sig, sigLen, maxLen, hash, hashLen);
+
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
 static SECStatus
 nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
                     void *dataBuf, unsigned int dataLen)
@@ -2670,7 +2716,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
 static SECStatus
 nsc_ECDSASignStub(void *ctx, void *sigBuf,
                   unsigned int *sigLen, unsigned int maxSigLen,
-                  void *dataBuf, unsigned int dataLen)
+                  const void *dataBuf, unsigned int dataLen)
 {
     SECItem signature, digest;
     SECStatus rv;
@@ -2688,6 +2734,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
     return rv;
 }
 
+SECStatus
+ECDSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+               unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+               const unsigned char *hash, unsigned int hashLen)
+{
+    SECStatus rv;
+
+    rv = nsc_ECDSASignStub(key, sig, sigLen, maxLen, hash, hashLen);
+
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
 /* NSC_SignInit setups up the signing operations. There are three basic
  * types of signing:
  *      (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -2757,6 +2819,36 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
         info->hashOid = SEC_OID_##mmm;                  \
         goto finish_rsa;
 
+#define INIT_DSA_SIGN_MECH(mmm)                         \
+    case CKM_DSA_##mmm:                                 \
+        context->multi = PR_TRUE;                       \
+        crv = sftk_doSub##mmm(context);                 \
+        if (crv != CKR_OK)                              \
+            break;                                      \
+        context->update = (SFTKCipher)sftk_DSAHashSign; \
+        info = PORT_New(SFTKHashSignInfo);              \
+        if (info == NULL) {                             \
+            crv = CKR_HOST_MEMORY;                      \
+            break;                                      \
+        }                                               \
+        info->hashOid = SEC_OID_##mmm;                  \
+        goto finish_dsa;
+
+#define INIT_ECDSA_SIGN_MECH(mmm)                         \
+    case CKM_ECDSA_##mmm:                                 \
+        context->multi = PR_TRUE;                         \
+        crv = sftk_doSub##mmm(context);                   \
+        if (crv != CKR_OK)                                \
+            break;                                        \
+        context->update = (SFTKCipher)sftk_ECDSAHashSign; \
+        info = PORT_New(SFTKHashSignInfo);                \
+        if (info == NULL) {                               \
+            crv = CKR_HOST_MEMORY;                        \
+            break;                                        \
+        }                                                 \
+        info->hashOid = SEC_OID_##mmm;                    \
+        goto finish_ecdsa;
+
     switch (pMechanism->mechanism) {
         INIT_RSA_SIGN_MECH(MD5)
         INIT_RSA_SIGN_MECH(MD2)
@@ -2824,13 +2916,15 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
             context->maxLen = nsslowkey_PrivateModulusLen(info->key);
             break;
 
-        case CKM_DSA_SHA1:
-            context->multi = PR_TRUE;
-            crv = sftk_doSubSHA1(context);
-            if (crv != CKR_OK)
-                break;
-        /* fall through */
+        INIT_DSA_SIGN_MECH(SHA1)
+        INIT_DSA_SIGN_MECH(SHA224)
+        INIT_DSA_SIGN_MECH(SHA256)
+        INIT_DSA_SIGN_MECH(SHA384)
+        INIT_DSA_SIGN_MECH(SHA512)
+
         case CKM_DSA:
+            context->update = (SFTKCipher)nsc_DSA_Sign_Stub;
+        finish_dsa:
             if (key_type != CKK_DSA) {
                 crv = CKR_KEY_TYPE_INCONSISTENT;
                 break;
@@ -2839,20 +2933,32 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
             if (privKey == NULL) {
                 break;
             }
-            context->cipherInfo = privKey;
-            context->update = (SFTKCipher)nsc_DSA_Sign_Stub;
-            context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
-            context->maxLen = DSA_MAX_SIGNATURE_LEN;
 
+            /* OK, info is allocated only if we're doing hash and sign mechanism.
+             * It's necessary to be able to set the correct OID in the final
+             * signature.
+             */
+            if (info) {
+                info->key = privKey;
+                context->cipherInfo = info;
+                context->destroy = (SFTKDestroy)sftk_Space;
+            } else {
+                context->cipherInfo = privKey;
+                context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
+            }
+
+            context->maxLen = DSA_MAX_SIGNATURE_LEN;
             break;
 
-        case CKM_ECDSA_SHA1:
-            context->multi = PR_TRUE;
-            crv = sftk_doSubSHA1(context);
-            if (crv != CKR_OK)
-                break;
-        /* fall through */
+        INIT_ECDSA_SIGN_MECH(SHA1)
+        INIT_ECDSA_SIGN_MECH(SHA224)
+        INIT_ECDSA_SIGN_MECH(SHA256)
+        INIT_ECDSA_SIGN_MECH(SHA384)
+        INIT_ECDSA_SIGN_MECH(SHA512)
+
         case CKM_ECDSA:
+            context->update = (SFTKCipher)nsc_ECDSASignStub;
+        finish_ecdsa:
             if (key_type != CKK_EC) {
                 crv = CKR_KEY_TYPE_INCONSISTENT;
                 break;
@@ -2862,11 +2968,21 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
                 crv = CKR_HOST_MEMORY;
                 break;
             }
-            context->cipherInfo = privKey;
-            context->update = (SFTKCipher)nsc_ECDSASignStub;
-            context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
-            context->maxLen = MAX_ECKEY_LEN * 2;
 
+            /* OK, info is allocated only if we're doing hash and sign mechanism.
+             * It's necessary to be able to set the correct OID in the final
+             * signature.
+             */
+            if (info) {
+                info->key = privKey;
+                context->cipherInfo = info;
+                context->destroy = (SFTKDestroy)sftk_Space;
+            } else {
+                context->cipherInfo = privKey;
+                context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
+            }
+
+            context->maxLen = MAX_ECKEY_LEN * 2;
             break;
 
 #define INIT_HMAC_MECH(mmm)                                               \
@@ -3469,6 +3585,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
         info->hashOid = SEC_OID_##mmm;                    \
         goto finish_rsa;
 
+#define INIT_DSA_VFY_MECH(mmm)                            \
+    case CKM_DSA_##mmm:                                   \
+        context->multi = PR_TRUE;                         \
+        crv = sftk_doSub##mmm(context);                   \
+        if (crv != CKR_OK)                                \
+            break;                                        \
+        goto finish_dsa;
+
+#define INIT_ECDSA_VFY_MECH(mmm)                          \
+    case CKM_ECDSA_##mmm:                                 \
+        context->multi = PR_TRUE;                         \
+        crv = sftk_doSub##mmm(context);                   \
+        if (crv != CKR_OK)                                \
+            break;                                        \
+        goto finish_ecdsa;
+
     switch (pMechanism->mechanism) {
         INIT_RSA_VFY_MECH(MD5)
         INIT_RSA_VFY_MECH(MD2)
@@ -3533,13 +3665,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
             context->destroy = (SFTKDestroy)sftk_Space;
             context->verify = (SFTKVerify)sftk_RSACheckSignPSS;
             break;
-        case CKM_DSA_SHA1:
-            context->multi = PR_TRUE;
-            crv = sftk_doSubSHA1(context);
-            if (crv != CKR_OK)
-                break;
-        /* fall through */
+
+        INIT_DSA_VFY_MECH(SHA1)
+        INIT_DSA_VFY_MECH(SHA224)
+        INIT_DSA_VFY_MECH(SHA256)
+        INIT_DSA_VFY_MECH(SHA384)
+        INIT_DSA_VFY_MECH(SHA512)
+
         case CKM_DSA:
+        finish_dsa:
             if (key_type != CKK_DSA) {
                 crv = CKR_KEY_TYPE_INCONSISTENT;
                 break;
@@ -3552,13 +3686,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
             context->verify = (SFTKVerify)nsc_DSA_Verify_Stub;
             context->destroy = sftk_Null;
             break;
-        case CKM_ECDSA_SHA1:
-            context->multi = PR_TRUE;
-            crv = sftk_doSubSHA1(context);
-            if (crv != CKR_OK)
-                break;
-        /* fall through */
+
+        INIT_ECDSA_VFY_MECH(SHA1)
+        INIT_ECDSA_VFY_MECH(SHA224)
+        INIT_ECDSA_VFY_MECH(SHA256)
+        INIT_ECDSA_VFY_MECH(SHA384)
+        INIT_ECDSA_VFY_MECH(SHA512)
+
         case CKM_ECDSA:
+        finish_ecdsa:
             if (key_type != CKK_EC) {
                 crv = CKR_KEY_TYPE_INCONSISTENT;
                 break;
@@ -4673,6 +4809,73 @@ loser:
 #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
 #define PAIRWISE_MESSAGE_LENGTH 20           /* 160-bits */
 
+static CK_RV
+pairwise_signverify_mech (CK_SESSION_HANDLE hSession,
+                          SFTKObject *publicKey, SFTKObject *privateKey,
+                          CK_MECHANISM mech,
+                          CK_ULONG signature_length,
+                          CK_ULONG pairwise_digest_length)
+{
+    /* Variables used for Signature/Verification functions. */
+    /* Must be at least 256 bits for DSA2 digest */
+    unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
+    unsigned char *signature;
+    CK_RV crv;
+
+    /* Allocate space for signature data. */
+    signature = (unsigned char *)PORT_ZAlloc(signature_length);
+    if (signature == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /* Sign the known hash using the private key. */
+    crv = NSC_SignInit(hSession, &mech, privateKey->handle);
+    if (crv != CKR_OK) {
+        PORT_Free(signature);
+        return crv;
+    }
+
+    crv = NSC_Sign(hSession,
+                   known_digest,
+                   pairwise_digest_length,
+                   signature,
+                   &signature_length);
+    if (crv != CKR_OK) {
+        PORT_Free(signature);
+        return crv;
+    }
+
+    /* detect trivial signing transforms */
+    if ((signature_length >= pairwise_digest_length) &&
+        (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
+        PORT_Free(signature);
+        return CKR_DEVICE_ERROR;
+    }
+
+    /* Verify the known hash using the public key. */
+    crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
+    if (crv != CKR_OK) {
+        PORT_Free(signature);
+        return crv;
+    }
+
+    crv = NSC_Verify(hSession,
+                     known_digest,
+                     pairwise_digest_length,
+                     signature,
+                     signature_length);
+
+    /* Free signature data. */
+    PORT_Free(signature);
+
+    if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
+        (crv == CKR_SIGNATURE_INVALID)) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    return crv;
+}
+
 /*
  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
  *
@@ -4720,8 +4923,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
 
     /* Variables used for Signature/Verification functions. */
     /* Must be at least 256 bits for DSA2 digest */
-    unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
-    unsigned char *signature;
     CK_ULONG signature_length;
 
     if (keyType == CKK_RSA) {
@@ -4875,76 +5076,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
         }
     }
 
+#define SIGNVERIFY_CHECK_MECH(vfymech)                                               \
+    mech.mechanism = vfymech;                                                        \
+    crv = pairwise_signverify_mech (hSession, publicKey, privateKey,                 \
+                                    mech, signature_length, pairwise_digest_length); \
+    if (crv != CKR_OK)                                                               \
+        return crv;
+
     if (canSignVerify) {
-        /* Determine length of signature. */
         switch (keyType) {
             case CKK_RSA:
                 signature_length = modulusLen;
-                mech.mechanism = CKM_RSA_PKCS;
+                SIGNVERIFY_CHECK_MECH(CKM_SHA224_RSA_PKCS)
                 break;
             case CKK_DSA:
                 signature_length = DSA_MAX_SIGNATURE_LEN;
                 pairwise_digest_length = subPrimeLen;
-                mech.mechanism = CKM_DSA;
+                SIGNVERIFY_CHECK_MECH(CKM_DSA_SHA224)
                 break;
             case CKK_EC:
                 signature_length = MAX_ECKEY_LEN * 2;
-                mech.mechanism = CKM_ECDSA;
+                SIGNVERIFY_CHECK_MECH(CKM_ECDSA_SHA224)
                 break;
             default:
                 return CKR_DEVICE_ERROR;
         }
 
-        /* Allocate space for signature data. */
-        signature = (unsigned char *)PORT_ZAlloc(signature_length);
-        if (signature == NULL) {
-            return CKR_HOST_MEMORY;
-        }
-
-        /* Sign the known hash using the private key. */
-        crv = NSC_SignInit(hSession, &mech, privateKey->handle);
-        if (crv != CKR_OK) {
-            PORT_Free(signature);
-            return crv;
-        }
-
-        crv = NSC_Sign(hSession,
-                       known_digest,
-                       pairwise_digest_length,
-                       signature,
-                       &signature_length);
-        if (crv != CKR_OK) {
-            PORT_Free(signature);
-            return crv;
-        }
-
-        /* detect trivial signing transforms */
-        if ((signature_length >= pairwise_digest_length) &&
-            (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
-            PORT_Free(signature);
-            return CKR_DEVICE_ERROR;
-        }
-
-        /* Verify the known hash using the public key. */
-        crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
-        if (crv != CKR_OK) {
-            PORT_Free(signature);
-            return crv;
-        }
-
-        crv = NSC_Verify(hSession,
-                         known_digest,
-                         pairwise_digest_length,
-                         signature,
-                         signature_length);
-
-        /* Free signature data. */
-        PORT_Free(signature);
-
-        if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
-            (crv == CKR_SIGNATURE_INVALID)) {
-            return CKR_GENERAL_ERROR;
-        }
         if (crv != CKR_OK) {
             return crv;
         }
diff --git a/nss/lib/softoken/softoken.h b/nss/lib/softoken/softoken.h
index 4626e78..1a22b07 100644
--- a/nss/lib/softoken/softoken.h
+++ b/nss/lib/softoken/softoken.h
@@ -35,6 +35,16 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
                   const unsigned char *sig, unsigned int sigLen,
                   const unsigned char *hash, unsigned int hashLen);
 
+extern SECStatus
+DSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+             unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+             const unsigned char *hash, unsigned int hashLen);
+
+extern SECStatus
+ECDSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+               unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+               const unsigned char *hash, unsigned int hashLen);
+
 /*
 ** Prepare a buffer for padded CBC encryption, growing to the appropriate
 ** boundary, filling with the appropriate padding.
diff --git a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h
index 6ee6609..e42fcba 100644
--- a/nss/lib/util/pkcs11t.h
+++ b/nss/lib/util/pkcs11t.h
@@ -593,6 +593,10 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
 #define CKM_DSA_KEY_PAIR_GEN 0x00000010
 #define CKM_DSA 0x00000011
 #define CKM_DSA_SHA1 0x00000012
+#define CKM_DSA_SHA224 0x00000013
+#define CKM_DSA_SHA256 0x00000014
+#define CKM_DSA_SHA384 0x00000015
+#define CKM_DSA_SHA512 0x00000016
 #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
 #define CKM_DH_PKCS_DERIVE 0x00000021
 
@@ -851,6 +855,10 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
 
 #define CKM_ECDSA 0x00001041
 #define CKM_ECDSA_SHA1 0x00001042
+#define CKM_ECDSA_SHA224 0x00001043
+#define CKM_ECDSA_SHA256 0x00001044
+#define CKM_ECDSA_SHA384 0x00001045
+#define CKM_ECDSA_SHA512 0x00001046
 
 /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
  * are new for v2.11 */
openSUSE Build Service is sponsored by