From ab0bb8952fbd0f2c06703f26c49c0c039cd67c00 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Wed, 23 Jan 2019 10:57:27 -0500
Subject: [PATCH] Disable x25519 in FIPS mode

NSS's pkcs11.txt includes global ciphersuite options, however, it doesn't understand Curve25519 as a parameter. Until such support is added (or NIST finally approves Curve25519 for FIPS 140-2 usage!), manually disable Curve25519 when FIPS mode is enabled.

Signed-off-by: Alexander Scheel
---
 org/mozilla/jss/CryptoManager.c    | 6 ++++++
 org/mozilla/jss/CryptoManager.java | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/org/mozilla/jss/CryptoManager.c b/org/mozilla/jss/CryptoManager.c
index 56e66b2..eb8b922 100644
--- a/jss/org/mozilla/jss/CryptoManager.c
+++ b/jss/org/mozilla/jss/CryptoManager.c
@@ -976,8 +976,14 @@ JNIEXPORT jboolean JNICALL
 Java_org_mozilla_jss_CryptoManager_FIPSEnabled(JNIEnv *env, jobject this)
 {
     if( PK11_IsFIPS() ) {
+        /* There's a bug in NSS where it won't disable x25519 in FIPS mode.
+         * Since they won't fix the bug, we have to do it ourselves. */
+        NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 0, NSS_USE_ALG_IN_SSL_KX);
         return JNI_TRUE;
     } else {
+        /* In case FIPS mode is toggled, re-enable x25519 as it is a good
+         * curve. */
+        NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 1, NSS_USE_ALG_IN_SSL_KX);
         return JNI_FALSE;
     }
 }
diff --git a/org/mozilla/jss/CryptoManager.java b/org/mozilla/jss/CryptoManager.java
index 9e5503d..f223361 100644
--- a/jss/org/mozilla/jss/CryptoManager.java
+++ b/jss/org/mozilla/jss/CryptoManager.java
@@ -838,6 +838,8 @@ public final class CryptoManager implements TokenSupplier
         if(instance==null) {
             throw new NotInitializedException();
         }
+        /* throw away call -- disables x25519 if we're in FIPS mode */
+        instance.FIPSEnabled();
         return instance;
     }
--
1.8.3.1
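Review bot: The SECStatus returned by NSS_SetAlgorithmPolicy is discarded in both branches of Java_org_mozilla_jss_CryptoManager_FIPSEnabled, so a failed policy update in the FIPS branch leaves x25519 usable for TLS key exchange while the function still reports JNI_TRUE, which is exactly the state this patch is meant to rule out. Checking the result before the return, `if (NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 0, NSS_USE_ALG_IN_SSL_KX) != SECSuccess) { /* surface the failure to the Java caller instead of reporting FIPS as enforced */ }`, makes the failure visible rather than silent. The function is also a predicate that now mutates global NSS algorithm policy on every call; a one-line comment above it stating that side effect, or moving the policy write into a separately named helper invoked once where FIPS state is established, would keep FIPSEnabled() honest to its name. The `/* There's a bug in NSS ... */` comment should cite the tracker entry (placeholder `NSS bug <ID>`) so the workaround can be removed once NSS handles Curve25519 in pkcs11.txt.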
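Review bot: Calling `instance.FIPSEnabled()` inside getInstance() turns every lookup of the singleton into a JNI round trip that rewrites global NSS algorithm policy, which is wasteful on a hot path and hides a security-relevant side effect behind an accessor; the enclosing method's signature lies outside the hunk, so whether it is synchronized and how often it is hit cannot be confirmed here. Applying the policy once at the points where FIPS state is established (initialization and any FIPS toggle) through a named helper such as `applyFipsAlgorithmPolicy()` would make the intent explicit and avoid repeated policy writes. If the call stays here, the comment should explain why rather than that the result is ignored: `/* side effect only: (re)applies the x25519 SSL key-exchange policy for the current FIPS state */`.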