From ab0bb8952fbd0f2c06703f26c49c0c039cd67c00 Mon Sep 17 00:00:00 2001

From: Alexander Scheel <ascheel@redhat.com>

Date: Wed, 23 Jan 2019 10:57:27 -0500

Subject: [PATCH] Disable x25519 in FIPS mode

NSS's pkcs11.txt includes global ciphersuite options, however, it

doesn't understand Curve25519 as a parameter. Until such support is

added (or NIST finally approves Curve25519 for FIPS 140-2 usage!),

manually disable Curve25519 when FIPS mode is enabled.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

---

 org/mozilla/jss/CryptoManager.c    | 6 ++++++

 org/mozilla/jss/CryptoManager.java | 2 ++

 2 files changed, 8 insertions(+)

diff --git a/org/mozilla/jss/CryptoManager.c b/org/mozilla/jss/CryptoManager.c

index 56e66b2..eb8b922 100644

--- a/jss/org/mozilla/jss/CryptoManager.c

+++ b/jss/org/mozilla/jss/CryptoManager.c

@@ -976,8 +976,14 @@ JNIEXPORT jboolean JNICALL

 Java_org_mozilla_jss_CryptoManager_FIPSEnabled(JNIEnv *env, jobject this)

 {

     if( PK11_IsFIPS() ) {

+        /* There's a bug in NSS where it won't disable x25519 in FIPS mode.

+         * Since they won't fix the bug, we have to do it ourselves. */

+        NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 0, NSS_USE_ALG_IN_SSL_KX);

         return JNI_TRUE;

     } else {

+        /* In case FIPS mode is toggled, re-enable x25519 as it is a good

+         * curve. */

+        NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 1, NSS_USE_ALG_IN_SSL_KX);

         return JNI_FALSE;

     }

 }

diff --git a/org/mozilla/jss/CryptoManager.java b/org/mozilla/jss/CryptoManager.java

index 9e5503d..f223361 100644

--- a/jss/org/mozilla/jss/CryptoManager.java

+++ b/jss/org/mozilla/jss/CryptoManager.java

@@ -838,6 +838,8 @@ public final class CryptoManager implements TokenSupplier

         if(instance==null) {

             throw new NotInitializedException();

         }

+        /* throw away call -- disables x25519 if we're in FIPS mode */

+        instance.FIPSEnabled();

         return instance;

     }

-- 

1.8.3.1