diff --git a/.gitignore b/.gitignore index 52b077b..fe33249 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/jss-4.6.0.tar.gz +SOURCES/jss-4.6.2.tar.gz diff --git a/.jss.metadata b/.jss.metadata index cb4e805..d14bd57 100644 --- a/.jss.metadata +++ b/.jss.metadata @@ -1 +1 @@ -3d6d2d885129e0d7d8ebac5dfe9055c693a7a9b1 SOURCES/jss-4.6.0.tar.gz +4fea1d770e0882aa9c1c6c493bce9eb579b5c085 SOURCES/jss-4.6.2.tar.gz diff --git a/SOURCES/0001-Disable-buffer-based-tests.patch b/SOURCES/0001-Disable-buffer-based-tests.patch deleted file mode 100644 index f39763a..0000000 --- a/SOURCES/0001-Disable-buffer-based-tests.patch +++ /dev/null @@ -1,71 +0,0 @@ -From d7d6d769b510118e40d9c0919317665c4c9feb8d Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 12 Jun 2019 17:17:45 -0400 -Subject: [PATCH] Disable buffer-based tests - -Signed-off-by: Alexander Scheel ---- - cmake/JSSTests.cmake | 33 --------------------------------- - 1 file changed, 33 deletions(-) - -diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake -index b389be5c..473d7d4d 100644 ---- a/cmake/JSSTests.cmake -+++ b/cmake/JSSTests.cmake -@@ -78,24 +78,6 @@ macro(jss_tests) - NAME "BigObjectIdentifier" - COMMAND "org.mozilla.jss.tests.BigObjectIdentifier" - ) -- jss_test_java( -- NAME "JSS_Test_PR_FileDesc" -- COMMAND "org.mozilla.jss.tests.TestPRFD" -- ) -- jss_test_java( -- NAME "JSS_Test_Raw_SSL" -- COMMAND "org.mozilla.jss.tests.TestRawSSL" "${RESULTS_NSSDB_OUTPUT_DIR}" -- DEPENDS "Setup_DBs" -- ) -- jss_test_java( -- NAME "JSS_Test_Buffer" -- COMMAND "org.mozilla.jss.tests.TestBuffer" -- ) -- jss_test_java( -- NAME "JSS_Test_BufferPRFD" -- COMMAND "org.mozilla.jss.tests.TestBufferPRFD" "${RESULTS_NSSDB_OUTPUT_DIR}" "${DB_PWD}" -- DEPENDS "List_CA_certs" -- ) - if ((${Java_VERSION_MAJOR} EQUAL 1) AND (${Java_VERSION_MINOR} LESS 9)) - jss_test_java( - NAME "Test_PKCS11Constants.java_for_Sun_compatibility" -@@ -126,16 +108,6 @@ macro(jss_tests) - NAME "JUnit_UTF8StringTest" - COMMAND "org.junit.runner.JUnitCore" "org.mozilla.jss.tests.UTF8StringTest" - ) -- jss_test_exec( -- NAME "buffer_size_1" -- COMMAND "${BIN_OUTPUT_DIR}/buffer_size_1" -- DEPENDS "generate_c_buffer_size_1" -- ) -- jss_test_exec( -- NAME "buffer_size_4" -- COMMAND "${BIN_OUTPUT_DIR}/buffer_size_4" -- DEPENDS "generate_c_buffer_size_4" -- ) - jss_test_java( - NAME "JUnit_ChainSortingTest" - COMMAND "org.junit.runner.JUnitCore" "org.mozilla.jss.tests.ChainSortingTest" -@@ -180,11 +152,6 @@ macro(jss_tests) - COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH}" "50" - DEPENDS "List_CA_certs" - ) -- jss_test_exec( -- NAME "TestBufferPRFD" -- COMMAND "${BIN_OUTPUT_DIR}/TestBufferPRFD" "${RESULTS_NSSDB_OUTPUT_DIR}" "${DB_PWD}" -- DEPENDS "List_CA_certs" "generate_c_TestBufferPRFD" -- ) - jss_test_java( - NAME "Key_Generation" - COMMAND "org.mozilla.jss.tests.TestKeyGen" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" --- -2.21.0 - diff --git a/SOURCES/0001-Fix-NativeProxy-reference-tracker.patch b/SOURCES/0001-Fix-NativeProxy-reference-tracker.patch new file mode 100644 index 0000000..529b576 --- /dev/null +++ b/SOURCES/0001-Fix-NativeProxy-reference-tracker.patch @@ -0,0 +1,53 @@ +From 91514ca0a2979ba778d27220ced0cd312e2cd2d2 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Tue, 29 Oct 2019 10:43:56 -0400 +Subject: [PATCH] Fix NativeProxy reference tracker + +In eb5df01003d74b57473eacb84e538d31f5bb06ca, I introduced a bug by +setting mPointer after trying to add NativeProxy to the registry. In +most instances this won't matter, however, if another instance exists in +the HashSet with the same hash value, the equals comparator will be +used, triggering a NPE. + +Signed-off-by: Alexander Scheel +--- + org/mozilla/jss/util/NativeProxy.java | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/org/mozilla/jss/util/NativeProxy.java b/org/mozilla/jss/util/NativeProxy.java +index 1c6d1aa5..a0811f76 100644 +--- a/org/mozilla/jss/util/NativeProxy.java ++++ b/org/mozilla/jss/util/NativeProxy.java +@@ -40,8 +40,8 @@ public abstract class NativeProxy implements AutoCloseable + */ + public NativeProxy(byte[] pointer) { + assert(pointer!=null); +- registry.add(this); + mPointer = pointer; ++ registry.add(this); + + if (saveStacktraces) { + mTrace = Arrays.toString(Thread.currentThread().getStackTrace()); +@@ -61,15 +61,12 @@ public abstract class NativeProxy implements AutoCloseable + if( ! (obj instanceof NativeProxy) ) { + return false; + } +- if( ((NativeProxy)obj).mPointer.length != mPointer.length) { ++ if (((NativeProxy)obj).mPointer == null) { ++ /* If mPointer is null, we have no way to compare the values ++ * of the pointers, so assume they're unequal. */ + return false; + } +- for(int i=0; i < mPointer.length; i++) { +- if(mPointer[i] != ((NativeProxy)obj).mPointer[i]) { +- return false; +- } +- } +- return true; ++ return Arrays.equals(((NativeProxy)obj).mPointer, mPointer); + } + + /** +-- +2.21.0 + diff --git a/SOURCES/0002-Fix-swapped-parameter-names-with-PBE.patch b/SOURCES/0002-Fix-swapped-parameter-names-with-PBE.patch new file mode 100644 index 0000000..04830df --- /dev/null +++ b/SOURCES/0002-Fix-swapped-parameter-names-with-PBE.patch @@ -0,0 +1,80 @@ +From 9f29430656342829822568f4ef49f5237b41164b Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Fri, 28 Feb 2020 14:10:32 -0500 +Subject: [PATCH 1/2] Fix swapped parameter names with PBE + +Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression +related to extracting the parameter classes during PBE operations: +previously, the classes of the underlying encryption algorithm were +iterated over, instead of the classes of the PBE class itself. However, +this commit iterated over the PBE parameter classes; no PBE algorithm +accepts a IvParameterSpec, resulting in a null parameter passed to the +later encryption or key wrap operation. This resulted in stack traces +like the following: + +Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter + at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225) + at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89) + at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57) + at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342) + +Resolves: rh-bz#1807371 + +Signed-off-by: Alexander Scheel +--- + org/mozilla/jss/pkcs7/EncryptedContentInfo.java | 2 +- + org/mozilla/jss/pkix/cms/EncryptedContentInfo.java | 2 +- + org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++-- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java +index 084752c3..0344b14d 100644 +--- a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java ++++ b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java +@@ -182,7 +182,7 @@ public class EncryptedContentInfo implements ASN1Value { + // generate IV + EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); + AlgorithmParameterSpec params=null; +- Class [] paramClasses = pbeAlg.getParameterClasses(); ++ Class [] paramClasses = encAlg.getParameterClasses(); + for (int i = 0; i < paramClasses.length; i ++) { + if ( paramClasses[i].equals( + javax.crypto.spec.IvParameterSpec.class ) ) { +diff --git a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java +index a4709070..d85eb0d3 100644 +--- a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java ++++ b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java +@@ -180,7 +180,7 @@ public class EncryptedContentInfo implements ASN1Value { + // generate IV + EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); + AlgorithmParameterSpec params=null; +- Class [] paramClasses = pbeAlg.getParameterClasses(); ++ Class [] paramClasses = encAlg.getParameterClasses(); + for (int i = 0; i < paramClasses.length; i ++) { + if ( paramClasses[i].equals( IVParameterSpec.class ) ) { + params = new IVParameterSpec( kg.generatePBE_IV() ); +diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +index b35714e3..ebd269f3 100644 +--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java ++++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +@@ -147,7 +147,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value { + // generate IV + EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); + AlgorithmParameterSpec params=null; +- Class [] paramClasses = pbeAlg.getParameterClasses(); ++ Class [] paramClasses = encAlg.getParameterClasses(); + for (int i = 0; i < paramClasses.length; i ++) { + if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) { + params = new IVParameterSpec( kg.generatePBE_IV() ); +@@ -328,7 +328,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value { + // generate IV + EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); + AlgorithmParameterSpec params=null; +- Class [] paramClasses = pbeAlg.getParameterClasses(); ++ Class [] paramClasses = encAlg.getParameterClasses(); + for (int i = 0; i < paramClasses.length; i ++) { + if ( paramClasses[i].equals( + javax.crypto.spec.IvParameterSpec.class ) ) { +-- +2.24.1 + diff --git a/SOURCES/0002-Support-LD_FLAGS-from-environment.patch b/SOURCES/0002-Support-LD_FLAGS-from-environment.patch deleted file mode 100644 index eaa0e60..0000000 --- a/SOURCES/0002-Support-LD_FLAGS-from-environment.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 731b62d4c456a3e1a70519c24eb0df2c59d943b4 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Mon, 17 Jun 2019 08:48:01 -0400 -Subject: [PATCH] Support LD_FLAGS from environment - -Signed-off-by: Alexander Scheel ---- - cmake/JSSConfig.cmake | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/cmake/JSSConfig.cmake b/cmake/JSSConfig.cmake -index f045850a..e63dd5fa 100644 ---- a/cmake/JSSConfig.cmake -+++ b/cmake/JSSConfig.cmake -@@ -174,6 +174,11 @@ macro(jss_config_ldflags) - list(APPEND JSS_LD_FLAGS "-lpthread") - list(APPEND JSS_LD_FLAGS "-ldl") - -+ separate_arguments(PASSED_LD_FLAGS UNIX_COMMAND "${CMAKE_SHARED_LINKER_FLAGS}") -+ foreach(PASSED_LD_FLAG ${PASSED_LD_FLAGS}) -+ list(INSERT JSS_LD_FLAGS 0 "${PASSED_LD_FLAG}") -+ endforeach() -+ - # This set of flags is specific to building the libjss library. - list(APPEND JSS_LIBRARY_FLAGS "-shared") - list(APPEND JSS_LIBRARY_FLAGS "-Wl,-z,defs") -@@ -181,6 +186,9 @@ macro(jss_config_ldflags) - list(APPEND JSS_LIBRARY_FLAGS "-Wl,${JSS_SO}") - - set(JSS_VERSION_SCRIPT "-Wl,--version-script,${PROJECT_SOURCE_DIR}/lib/jss.map") -+ -+ message(STATUS "JSS LD FLAGS: ${JSS_LD_FLAGS}") -+ message(STATUS "JSS LIBRARY FLAGS: ${JSS_LIBRARY_FLAGS}") - endmacro() - - macro(jss_config_java) --- -2.20.1 - diff --git a/SOURCES/0003-Remove-legacy-DSA-implementation.patch b/SOURCES/0003-Remove-legacy-DSA-implementation.patch deleted file mode 100644 index 9915a51..0000000 --- a/SOURCES/0003-Remove-legacy-DSA-implementation.patch +++ /dev/null @@ -1,2197 +0,0 @@ -From 34e52cf538fab7786be6298de05d7a1ad0b652b7 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 14 Aug 2019 14:38:39 -0400 -Subject: [PATCH] Remove legacy DSA implementation - -This is better suited for NSS via the Mozilla-JSS provider. This entire -provider could eventually be removed if we wished, but certain -functionality required by PKI transitively depends on it. It is never -explicitly added though, so I'm not convinced those places truly use it -via the intended APIs. However, various classes inside the provider are -used directly (such as RSAPublicKey and DSAPublicKey). - -Signed-off-by: Alexander Scheel ---- - .../jss/netscape/security/provider/DSA.java | 664 ------------------ - .../provider/DSAKeyPairGenerator.java | 389 ---------- - .../provider/DSAParameterGenerator.java | 298 -------- - .../jss/netscape/security/provider/MD5.java | 378 ---------- - .../jss/netscape/security/provider/SHA.java | 349 --------- - .../jss/netscape/security/provider/Sun.java | 43 -- - 6 files changed, 2121 deletions(-) - delete mode 100644 org/mozilla/jss/netscape/security/provider/DSA.java - delete mode 100644 org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java - delete mode 100644 org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java - delete mode 100644 org/mozilla/jss/netscape/security/provider/MD5.java - delete mode 100644 org/mozilla/jss/netscape/security/provider/SHA.java - -diff --git a/org/mozilla/jss/netscape/security/provider/DSA.java b/org/mozilla/jss/netscape/security/provider/DSA.java -deleted file mode 100644 -index abc320f4..00000000 ---- a/org/mozilla/jss/netscape/security/provider/DSA.java -+++ /dev/null -@@ -1,664 +0,0 @@ --// --- BEGIN COPYRIGHT BLOCK --- --// This program is free software; you can redistribute it and/or modify --// it under the terms of the GNU General Public License as published by --// the Free Software Foundation; version 2 of the License. --// --// This program is distributed in the hope that it will be useful, --// but WITHOUT ANY WARRANTY; without even the implied warranty of --// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --// GNU General Public License for more details. --// --// You should have received a copy of the GNU General Public License along --// with this program; if not, write to the Free Software Foundation, Inc., --// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --// --// (C) 2007 Red Hat, Inc. --// All rights reserved. --// --- END COPYRIGHT BLOCK --- --package org.mozilla.jss.netscape.security.provider; -- --import java.io.IOException; --import java.io.PrintStream; --import java.math.BigInteger; --import java.security.InvalidKeyException; --import java.security.InvalidParameterException; --import java.security.MessageDigest; --import java.security.NoSuchAlgorithmException; --import java.security.PrivateKey; --import java.security.PublicKey; --import java.security.SecureRandom; --import java.security.Signature; --import java.security.SignatureException; --import java.security.interfaces.DSAParams; -- --import org.mozilla.jss.netscape.security.util.BigInt; --import org.mozilla.jss.netscape.security.util.DerInputStream; --import org.mozilla.jss.netscape.security.util.DerOutputStream; --import org.mozilla.jss.netscape.security.util.DerValue; -- --/** -- * The Digital Signature Standard (using the Digital Signature -- * Algorithm), as described in fips186 of the National Instute of -- * Standards and Technology (NIST), using fips180-1 (SHA-1). -- * -- * @author Benjamin Renaud -- * -- * @version 1.86, 97/09/17 -- * -- * @see DSAPublicKey -- * @see DSAPrivateKey -- */ -- --public final class DSA extends Signature { -- -- /* Are we debugging? */ -- private static boolean debug = false; -- -- /* The parameter object */ -- @SuppressWarnings("unused") -- private DSAParams params; -- -- /* algorithm parameters */ -- private BigInteger presetP, presetQ, presetG; -- -- /* The public key, if any */ -- private BigInteger presetY; -- -- /* The private key, if any */ -- private BigInteger presetX; -- -- /* The SHA hash for the data */ -- private MessageDigest dataSHA; -- -- /* The random seed used to generate k */ -- private int[] Kseed; -- -- /* The random seed used to generate k (specified by application) */ -- private byte[] KseedAsByteArray; -- -- /* -- * The random seed used to generate k -- * (prevent the same Kseed from being used twice in a row -- */ -- private int[] previousKseed; -- -- /* The RNG used to output a seed for generating k */ -- private SecureRandom signingRandom; -- -- /** -- * Construct a blank DSA object. It can generate keys, but must be -- * initialized before being usable for signing or verifying. -- */ -- public DSA() throws NoSuchAlgorithmException { -- super("SHA/DSA"); -- dataSHA = MessageDigest.getInstance("SHA"); -- } -- -- /** -- * Initialize the DSA object with a DSA private key. -- * -- * @param privateKey the DSA private key -- * -- * @exception InvalidKeyException if the key is not a valid DSA private -- * key. -- */ -- protected void engineInitSign(PrivateKey privateKey) -- throws InvalidKeyException { -- if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey)) { -- throw new InvalidKeyException("not a DSA private key: " + -- privateKey); -- } -- java.security.interfaces.DSAPrivateKey priv = -- (java.security.interfaces.DSAPrivateKey) privateKey; -- -- this.presetX = priv.getX(); -- initialize(priv.getParams()); -- } -- -- /** -- * Initialize the DSA object with a DSA public key. -- * -- * @param publicKey the DSA public key. -- * -- * @exception InvalidKeyException if the key is not a valid DSA public -- * key. -- */ -- protected void engineInitVerify(PublicKey publicKey) -- throws InvalidKeyException { -- if (!(publicKey instanceof java.security.interfaces.DSAPublicKey)) { -- throw new InvalidKeyException("not a DSA public key: " + -- publicKey); -- } -- java.security.interfaces.DSAPublicKey pub = -- (java.security.interfaces.DSAPublicKey) publicKey; -- this.presetY = pub.getY(); -- initialize(pub.getParams()); -- } -- -- private void initialize(DSAParams params) { -- dataSHA.reset(); -- setParams(params); -- } -- -- /** -- * Sign all the data thus far updated. The signature is formatted -- * according to the Canonical Encoding Rules, returned as a DER -- * sequence of Integer, r and s. -- * -- * @return a signature block formatted according to the Canonical -- * Encoding Rules. -- * -- * @exception SignatureException if the signature object was not -- * properly initialized, or if another exception occurs. -- * -- * @see org.mozilla.jss.netscape.security.provider.DSA#engineUpdate -- * @see org.mozilla.jss.netscape.security.provider.DSA#engineVerify -- */ -- protected byte[] engineSign() throws SignatureException { -- BigInteger k = generateK(presetQ); -- BigInteger r = generateR(presetP, presetQ, presetG, k); -- BigInteger s = generateS(presetX, presetQ, r, k); -- -- // got to convert to BigInt... -- BigInt rAsBigInt = new BigInt(r.toByteArray()); -- BigInt sAsBigInt = new BigInt(s.toByteArray()); -- -- try (DerOutputStream outseq = new DerOutputStream(100)) { -- outseq.putInteger(rAsBigInt); -- outseq.putInteger(sAsBigInt); -- DerValue result = new DerValue(DerValue.tag_Sequence, -- outseq.toByteArray()); -- -- return result.toByteArray(); -- -- } catch (IOException e) { -- throw new SignatureException("error encoding signature"); -- } -- } -- -- /** -- * Verify all the data thus far updated. -- * -- * @param signature the alledged signature, encoded using the -- * Canonical Encoding Rules, as a sequence of integers, r and s. -- * -- * @exception SignatureException if the signature object was not -- * properly initialized, or if another exception occurs. -- * -- * @see org.mozilla.jss.netscape.security.provider.DSA#engineUpdate -- * @see org.mozilla.jss.netscape.security.provider.DSA#engineSign -- */ -- protected boolean engineVerify(byte[] signature) -- throws SignatureException { -- -- BigInteger r = null; -- BigInteger s = null; -- // first decode the signature. -- try { -- DerInputStream in = new DerInputStream(signature); -- DerValue[] values = in.getSequence(2); -- -- r = values[0].getInteger().toBigInteger(); -- s = values[1].getInteger().toBigInteger(); -- -- } catch (IOException e) { -- throw new SignatureException("invalid encoding for signature"); -- } -- BigInteger w = generateW(presetP, presetQ, presetG, s); -- BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r); -- -- return v.equals(r); -- } -- -- BigInteger generateR(BigInteger p, BigInteger q, BigInteger g, -- BigInteger k) { -- BigInteger temp = g.modPow(k, p); -- return temp.remainder(q); -- -- } -- -- BigInteger generateS(BigInteger x, BigInteger q, -- BigInteger r, BigInteger k) { -- -- byte[] s2 = dataSHA.digest(); -- BigInteger temp = new BigInteger(1, s2); -- BigInteger k1 = k.modInverse(q); -- -- BigInteger s = x.multiply(r); -- s = temp.add(s); -- s = k1.multiply(s); -- return s.remainder(q); -- } -- -- BigInteger generateW(BigInteger p, BigInteger q, -- BigInteger g, BigInteger s) { -- return s.modInverse(q); -- } -- -- BigInteger generateV(BigInteger y, BigInteger p, -- BigInteger q, BigInteger g, -- BigInteger w, BigInteger r) { -- -- byte[] s2 = dataSHA.digest(); -- BigInteger temp = new BigInteger(1, s2); -- -- temp = temp.multiply(w); -- BigInteger u1 = temp.remainder(q); -- -- BigInteger u2 = (r.multiply(w)).remainder(q); -- -- BigInteger t1 = g.modPow(u1, p); -- BigInteger t2 = y.modPow(u2, p); -- BigInteger t3 = t1.multiply(t2); -- BigInteger t5 = t3.remainder(p); -- return t5.remainder(q); -- } -- -- /* -- * Please read bug report 4044247 for an alternative, faster, -- * NON-FIPS approved method to generate K -- */ -- BigInteger generateK(BigInteger q) { -- -- BigInteger k = null; -- -- // The application specified a Kseed for us to use. -- // Note that we do not allow usage of the same Kseed twice in a row -- if (Kseed != null && compareSeeds(Kseed, previousKseed) != 0) { -- k = generateK(Kseed, q); -- if (k.signum() > 0 && k.compareTo(q) < 0) { -- previousKseed = new int[Kseed.length]; -- System.arraycopy(Kseed, 0, previousKseed, 0, Kseed.length); -- return k; -- } -- } -- -- // The application did not specify a Kseed for us to use. -- // We'll generate a new Kseed by getting random bytes from -- // a SecureRandom object. -- SecureRandom random = getSigningRandom(); -- -- while (true) { -- int[] seed = new int[5]; -- -- for (int i = 0; i < 5; i++) -- seed[i] = random.nextInt(); -- k = generateK(seed, q); -- if (k.signum() > 0 && k.compareTo(q) < 0) { -- previousKseed = new int[seed.length]; -- System.arraycopy(seed, 0, previousKseed, 0, seed.length); -- return k; -- } -- } -- } -- -- // Use the application-specified SecureRandom Object if provided. -- // Otherwise, use our default SecureRandom Object. -- private SecureRandom getSigningRandom() { -- if (signingRandom == null) { -- if (appRandom != null) -- signingRandom = appRandom; -- else -- signingRandom = new SecureRandom(); -- } -- return signingRandom; -- } -- -- /* -- * return 0 if equal -- * return 1 if not equal -- */ -- private int compareSeeds(int[] seed1, int[] seed2) { -- -- if (seed1 == null || seed2 == null) { -- return 1; -- } -- if (seed1.length != seed2.length) { -- return 1; -- } -- -- for (int i = 0; i < seed1.length; i++) { -- if (seed1[i] != seed2[i]) -- return 1; -- } -- -- return 0; -- -- } -- -- /** -- * Compute k for a DSA signature. -- * -- * @param seed the seed for generating k. This seed should be -- * secure. This is what is refered to as the KSEED in the DSA -- * specification. -- * -- * @param g the g parameter from the DSA key pair. -- */ -- BigInteger generateK(int[] seed, BigInteger q) { -- -- // check out t in the spec. -- int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476, -- 0xC3D2E1F0, 0x67452301 }; -- // -- int[] tmp = DSA.SHA_7(seed, t); -- byte[] tmpBytes = new byte[tmp.length * 4]; -- for (int i = 0; i < tmp.length; i++) { -- int k = tmp[i]; -- for (int j = 0; j < 4; j++) { -- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8))); -- } -- } -- BigInteger k = new BigInteger(1, tmpBytes).mod(q); -- return k; -- } -- -- // Constants for each round -- private static final int round1_kt = 0x5a827999; -- private static final int round2_kt = 0x6ed9eba1; -- private static final int round3_kt = 0x8f1bbcdc; -- private static final int round4_kt = 0xca62c1d6; -- -- /** -- * Computes set 1 thru 7 of SHA-1 on m1. -- */ -- static int[] SHA_7(int[] m1, int[] h) { -- -- int[] W = new int[80]; -- System.arraycopy(m1, 0, W, 0, m1.length); -- int temp = 0; -- -- for (int t = 16; t <= 79; t++) { -- temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; -- W[t] = ((temp << 1) | (temp >>> (32 - 1))); -- } -- -- int a = h[0], b = h[1], c = h[2], d = h[3], e = h[4]; -- for (int i = 0; i < 20; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- ((b & c) | ((~b) & d)) + e + W[i] + round1_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 2 -- for (int i = 20; i < 40; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- (b ^ c ^ d) + e + W[i] + round2_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 3 -- for (int i = 40; i < 60; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 4 -- for (int i = 60; i < 80; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- (b ^ c ^ d) + e + W[i] + round4_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- int[] md = new int[5]; -- md[0] = h[0] + a; -- md[1] = h[1] + b; -- md[2] = h[2] + c; -- md[3] = h[3] + d; -- md[4] = h[4] + e; -- return md; -- } -- -- /** -- * This implementation recognizes the following parameter: -- *
-- * -- *
Kseed -- * -- *
a byte array. -- * -- *
-- * -- * @deprecated Replaced by engineSetParameter(AlgorithmParameterSpec params) -- */ -- @Deprecated -- protected void engineSetParameter(String key, Object param) { -- -- if (key.equals("KSEED")) { -- -- if (param instanceof byte[]) { -- -- Kseed = byteArray2IntArray((byte[]) param); -- KseedAsByteArray = (byte[]) param; -- -- } else { -- debug("unrecognized param: " + key); -- throw new InvalidParameterException("Kseed not a byte array"); -- } -- -- } else { -- throw new InvalidParameterException("invalid parameter"); -- } -- } -- -- /** -- * Return the value of the requested parameter. Recognized -- * parameters are: -- * -- *
-- * -- *
Kseed -- * -- *
a byte array. -- * -- *
-- * -- * @return the value of the requested parameter. -- * -- * @deprecated no replacent given -- * @see https://docs.oracle.com/javase/10/docs/api/java/security/SignatureSpi.html#engineGetParameter(java.lang.String) -- */ -- @Deprecated -- protected Object engineGetParameter(String key) { -- if (key.equals("KSEED")) { -- return KseedAsByteArray; -- } else { -- return null; -- } -- } -- -- /** -- * Set the algorithm object. -- */ -- private void setParams(DSAParams params) { -- this.params = params; -- this.presetP = params.getP(); -- this.presetQ = params.getQ(); -- this.presetG = params.getG(); -- } -- -- /** -- * Update a byte to be signed or verified. -- * -- * @param b the byte to updated. -- */ -- protected void engineUpdate(byte b) { -- dataSHA.update(b); -- } -- -- /** -- * Update an array of bytes to be signed or verified. -- * -- * @param data the bytes to be updated. -- */ -- protected void engineUpdate(byte[] data, int off, int len) { -- dataSHA.update(data, off, len); -- } -- -- /** -- * Return a human readable rendition of the engine. -- */ -- public String toString() { -- String printable = "DSA Signature"; -- if (presetP != null && presetQ != null && presetG != null) { -- printable += "\n\tp: " + presetP.toString(16); -- printable += "\n\tq: " + presetQ.toString(16); -- printable += "\n\tg: " + presetG.toString(16); -- } else { -- printable += "\n\t P, Q or G not initialized."; -- } -- if (presetY != null) { -- printable += "\n\ty: " + presetY.toString(16); -- } -- if (presetY == null && presetX == null) { -- printable += "\n\tUNINIIALIZED"; -- } -- return printable; -- } -- -- /* -- * Utility routine for converting a byte array into an int array -- */ -- private int[] byteArray2IntArray(byte[] byteArray) { -- -- int j = 0; -- byte[] newBA; -- int mod = byteArray.length % 4; -- -- // guarantee that the incoming byteArray is a multiple of 4 -- // (pad with 0's) -- switch (mod) { -- case 3: -- newBA = new byte[byteArray.length + 1]; -- break; -- case 2: -- newBA = new byte[byteArray.length + 2]; -- break; -- case 1: -- newBA = new byte[byteArray.length + 3]; -- break; -- default: -- newBA = new byte[byteArray.length + 0]; -- break; -- } -- System.arraycopy(byteArray, 0, newBA, 0, byteArray.length); -- -- // copy each set of 4 bytes in the byte array into an integer -- int[] newSeed = new int[newBA.length / 4]; -- for (int i = 0; i < newBA.length; i += 4) { -- newSeed[j] = newBA[i + 3] & 0xFF; -- newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00; -- newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000; -- newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000; -- j++; -- } -- -- return newSeed; -- } -- -- /* We include the test vectors from the DSA specification, FIPS -- 186, and the FIPS 186 Change No 1, which updates the test -- vector using SHA-1 instead of SHA (for both the G function and -- the message hash. */ -- -- static void testDSA() throws Exception { -- PrintStream p = System.out; -- -- DSA dsa = new DSA(); -- int[] Kseed = { 0x687a66d9, 0x0648f993, 0x867e121f, -- 0x4ddf9ddb, 0x1205584 }; -- BigInteger k = dsa.generateK(Kseed, q512); -- p.println("k: " + k.toString(16)); -- BigInteger r = dsa.generateR(p512, q512, g512, k); -- p.println("r: " + r.toString(16)); -- byte[] abc = { 0x61, 0x62, 0x63 }; -- dsa.dataSHA.update(abc); -- BigInteger s = dsa.generateS(x512, q512, r, k); -- p.println("s: " + s.toString(16)); -- -- dsa.dataSHA.update(abc); -- BigInteger w = dsa.generateW(p512, q512, g512, s); -- p.println("w: " + w.toString(16)); -- BigInteger v = dsa.generateV(y512, p512, q512, g512, w, r); -- p.println("v: " + v.toString(16)); -- if (v.equals(r)) { -- p.println("signature verifies."); -- } else { -- p.println("signature does not verify."); -- } -- } -- -- /* Test vector: 512-bit keys generated by our key generator. */ -- -- static BigInteger p512 = -- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" + -- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" + -- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16); -- -- static BigInteger q512 = -- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16); -- -- static BigInteger g512 = -- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" + -- "4d6486931d2d14271b9e35030b71fd73da179069b32e" + -- "2935630e1c2062354d0da20a6c416e50be794ca4", 16); -- -- static BigInteger x512 = -- new BigInteger("3406c2d71b04b5fc0db62afcad58a6607d3de688", 16); -- -- static BigInteger y512 = -- new BigInteger("2d335d76b8ec9d610aa8f2cbb4b149fd96fdd" + -- "3a9a6e62bd6c2e01d406be4d1d72718a2fe08bea6d12f5e452474461f70f4" + -- "dea60508e9fe2eaec23d2ec5d1a866", 16); -- -- /* Official NIST 512-bit test keys */ -- -- static String pString = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0" + -- "cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec" + -- "0736ee31c80291"; -- -- static BigInteger testP = new BigInteger(pString, 16); -- -- static String gString = "626d027839ea0a13413163a55b4cb500299d5522956ce" + -- "fcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc5" + -- "72af53e6d78802"; -- -- static BigInteger testG = new BigInteger(gString, 16); -- -- static BigInteger testQ = new BigInteger("c773218c737ec8ee993b4f2ded30" + -- "f48edace915f", 16); -- -- static BigInteger testX = new BigInteger("2070b3223dba372fde1c0ffc7b2e" + -- "3b498b260614", 16); -- -- static String yString = "19131871d75b1612a819f29d78d1b0d7346f7aa77" + -- "bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06" + -- "699630a76b030ee333"; -- -- static BigInteger testY = new BigInteger(yString, 16); -- -- /* End test vector values */ -- -- private static void debug(String s) { -- if (debug) { -- System.err.println(s); -- } -- } -- --} -diff --git a/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java b/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java -deleted file mode 100644 -index c4942dea..00000000 ---- a/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java -+++ /dev/null -@@ -1,389 +0,0 @@ --// --- BEGIN COPYRIGHT BLOCK --- --// This program is free software; you can redistribute it and/or modify --// it under the terms of the GNU General Public License as published by --// the Free Software Foundation; version 2 of the License. --// --// This program is distributed in the hope that it will be useful, --// but WITHOUT ANY WARRANTY; without even the implied warranty of --// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --// GNU General Public License for more details. --// --// You should have received a copy of the GNU General Public License along --// with this program; if not, write to the Free Software Foundation, Inc., --// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --// --// (C) 2007 Red Hat, Inc. --// All rights reserved. --// --- END COPYRIGHT BLOCK --- --package org.mozilla.jss.netscape.security.provider; -- --import java.math.BigInteger; --import java.security.AlgorithmParameterGenerator; --import java.security.InvalidAlgorithmParameterException; --import java.security.InvalidKeyException; --import java.security.InvalidParameterException; --import java.security.KeyPair; --import java.security.KeyPairGenerator; --import java.security.NoSuchAlgorithmException; --import java.security.NoSuchProviderException; --import java.security.ProviderException; --import java.security.SecureRandom; --import java.security.interfaces.DSAParams; --import java.security.spec.AlgorithmParameterSpec; --import java.security.spec.DSAParameterSpec; --import java.security.spec.InvalidParameterSpecException; --import java.util.Hashtable; -- --import org.mozilla.jss.netscape.security.x509.AlgIdDSA; -- --/** -- * This class generates DSA key parameters and public/private key -- * pairs according to the DSS standard NIST FIPS 186. It uses the -- * updated version of SHA, SHA-1 as described in FIPS 180-1. -- * -- * @author Benjamin Renaud -- * -- * @version 1.23, 97/12/10 -- */ -- --public class DSAKeyPairGenerator extends KeyPairGenerator -- implements java.security.interfaces.DSAKeyPairGenerator { -- -- private static Hashtable precomputedParams; -- -- static { -- -- /* We support precomputed parameter for 512, 768 and 1024 bit -- moduli. In this file we provide both the seed and counter -- value of the generation process for each of these seeds, -- for validation purposes. We also include the test vectors -- from the DSA specification, FIPS 186, and the FIPS 186 -- Change No 1, which updates the test vector using SHA-1 -- instead of SHA (for both the G function and the message -- hash. -- */ -- -- precomputedParams = new Hashtable(); -- -- /* -- * L = 512 -- * SEED = b869c82b35d70e1b1ff91b28e37a62ecdc34409b -- * counter = 123 -- */ -- BigInteger p512 = -- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" + -- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" + -- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16); -- -- BigInteger q512 = -- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16); -- -- BigInteger g512 = -- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" + -- "4d6486931d2d14271b9e35030b71fd73da179069b32e" + -- "2935630e1c2062354d0da20a6c416e50be794ca4", 16); -- -- /* -- * L = 768 -- * SEED = 77d0f8c4dad15eb8c4f2f8d6726cefd96d5bb399 -- * counter = 263 -- */ -- BigInteger p768 = -- new BigInteger("e9e642599d355f37c97ffd3567120b8e25c9cd43e" + -- "927b3a9670fbec5d890141922d2c3b3ad24800937" + -- "99869d1e846aab49fab0ad26d2ce6a22219d470bc" + -- "e7d777d4a21fbe9c270b57f607002f3cef8393694" + -- "cf45ee3688c11a8c56ab127a3daf", 16); -- -- BigInteger q768 = -- new BigInteger("9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511", -- 16); -- -- BigInteger g768 = -- new BigInteger("30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5fac" + -- "baecbe95f190aa7a31d23c4dbbcbe06174544401a" + -- "5b2c020965d8c2bd2171d3668445771f74ba084d2" + -- "029d83c1c158547f3a9f1a2715be23d51ae4d3e5a" + -- "1f6a7064f316933a346d3f529252", 16); -- -- /* -- * L = 1024 -- * SEED = 8d5155894229d5e689ee01e6018a237e2cae64cd -- * counter = 92 -- */ -- BigInteger p1024 = -- new BigInteger("fd7f53811d75122952df4a9c2eece4e7f611b7523c" + -- "ef4400c31e3f80b6512669455d402251fb593d8d58" + -- "fabfc5f5ba30f6cb9b556cd7813b801d346ff26660" + -- "b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c6" + -- "1bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554" + -- "135a169132f675f3ae2b61d72aeff22203199dd148" + -- "01c7", 16); -- -- BigInteger q1024 = -- new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5", -- 16); -- -- BigInteger g1024 = -- new BigInteger("f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa" + -- "3aea82f9574c0b3d0782675159578ebad4594fe671" + -- "07108180b449167123e84c281613b7cf09328cc8a6" + -- "e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f" + -- "0bfa213562f1fb627a01243bcca4f1bea8519089a8" + -- "83dfe15ae59f06928b665e807b552564014c3bfecf" + -- "492a", 16); -- -- try { -- AlgIdDSA alg512 = new AlgIdDSA(p512, q512, g512); -- AlgIdDSA alg768 = new AlgIdDSA(p768, q768, g768); -- AlgIdDSA alg1024 = new AlgIdDSA(p1024, q1024, g1024); -- -- precomputedParams.put(Integer.valueOf(512), alg512); -- precomputedParams.put(Integer.valueOf(768), alg768); -- precomputedParams.put(Integer.valueOf(1024), alg1024); -- -- } catch (Exception e) { -- throw new InternalError("initializing precomputed " + -- "algorithm parameters for Sun DSA"); -- } -- } -- -- /* The modulus length */ -- private int modlen = 1024; -- -- /* Generate new parameters, even if we have precomputed ones. */ -- boolean generateNewParameters = false; -- -- /* preset algorithm parameters. */ -- private BigInteger presetP, presetQ, presetG; -- -- /* The source of random bits to use */ -- SecureRandom random; -- -- public DSAKeyPairGenerator() { -- super("DSA"); -- } -- -- public void initialize(int strength, SecureRandom random) { -- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) { -- throw new InvalidParameterException("Modulus size must range from 512 to 1024 " -- + "and be a multiple of 64"); -- } -- -- /* Set the random */ -- this.random = random; -- if (this.random == null) { -- this.random = new SecureRandom(); -- } -- -- this.modlen = strength; -- DSAParams params = null; -- -- /* Find the precomputed parameters, if any */ -- if (!generateNewParameters) { -- Integer mod = Integer.valueOf(this.modlen); -- params = precomputedParams.get(mod); -- } -- if (params != null) { -- setParams(params); -- } -- } -- -- /** -- * Initializes the DSA key pair generator. If genParams is false, a set of pre-computed parameters is -- * used. In this case, modelen must be 512, 768, or 1024. -- */ -- public void initialize(int modlen, boolean genParams, SecureRandom random) -- throws InvalidParameterException { -- if (genParams == false && modlen != 512 && modlen != 768 -- && modlen != 1024) { -- throw new InvalidParameterException("No precomputed parameters for requested modulus size " -- + "available"); -- } -- this.generateNewParameters = genParams; -- initialize(modlen, random); -- } -- -- /** -- * Initializes the DSA object using a DSA parameter object. -- * -- * @param params a fully initialized DSA parameter object. -- */ -- public void initialize(DSAParams params, SecureRandom random) -- throws InvalidParameterException { -- initialize(params.getP().bitLength(), random); -- setParams(params); -- } -- -- /** -- * Initializes the DSA object using a parameter object. -- * -- * @param params the parameter set to be used to generate -- * the keys. -- * @param random the source of randomness for this generator. -- * -- * @exception InvalidAlgorithmParameterException if the given parameters -- * are inappropriate for this key pair generator -- */ -- public void initialize(AlgorithmParameterSpec params, SecureRandom random) -- throws InvalidAlgorithmParameterException { -- if (!(params instanceof DSAParameterSpec)) { -- throw new InvalidAlgorithmParameterException("Inappropriate parameter"); -- } -- initialize(((DSAParameterSpec) params).getP().bitLength(), -- random); -- setParams((DSAParameterSpec) params); -- } -- -- /** -- * Generates a pair of keys usable by any JavaSecurity compliant -- * DSA implementation. -- * -- * @param rnd the source of random bits from which the random key -- * generation parameters are drawn. In particular, this includes -- * the XSEED parameter. -- * -- * @exception InvalidParameterException if the modulus is not -- * between 512 and 1024. -- */ -- public KeyPair generateKeyPair() { -- -- // set random if initialize() method has been skipped -- if (this.random == null) { -- this.random = new SecureRandom(); -- } -- -- if (presetP == null || presetQ == null || presetG == null || -- generateNewParameters) { -- -- AlgorithmParameterGenerator dsaParamGen; -- -- try { -- dsaParamGen = AlgorithmParameterGenerator.getInstance("DSA", -- "SUN"); -- } catch (NoSuchAlgorithmException e) { -- // this should never happen, because we provide it -- throw new RuntimeException(e.getMessage()); -- } catch (NoSuchProviderException e) { -- // this should never happen, because we provide it -- throw new RuntimeException(e.getMessage()); -- } -- -- dsaParamGen.init(modlen, random); -- -- DSAParameterSpec dsaParamSpec; -- try { -- dsaParamSpec = dsaParamGen.generateParameters().getParameterSpec -- (DSAParameterSpec.class); -- } catch (InvalidParameterSpecException e) { -- // this should never happen -- throw new RuntimeException(e.getMessage()); -- } -- presetP = dsaParamSpec.getP(); -- presetQ = dsaParamSpec.getQ(); -- presetG = dsaParamSpec.getG(); -- } -- -- return generateKeyPair(presetP, presetQ, presetG, random); -- } -- -- public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, -- SecureRandom random) { -- -- BigInteger x = generateX(random, q); -- BigInteger y = generateY(x, p, g); -- -- try { -- DSAPublicKey pub = new DSAPublicKey(y, p, q, g); -- DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g); -- -- KeyPair pair = new KeyPair(pub, priv); -- return pair; -- -- } catch (InvalidKeyException e) { -- throw new ProviderException(e.getMessage()); -- } -- } -- -- /** -- * Generate the private key component of the key pair using the -- * provided source of random bits. This method uses the random but -- * source passed to generate a seed and then calls the seed-based -- * generateX method. -- */ -- private BigInteger generateX(SecureRandom random, BigInteger q) { -- BigInteger x = null; -- while (true) { -- int[] seed = new int[5]; -- for (int i = 0; i < 5; i++) { -- seed[i] = random.nextInt(); -- } -- x = generateX(seed, q); -- if (x.signum() > 0 && (x.compareTo(q) < 0)) { -- break; -- } -- } -- return x; -- } -- -- /** -- * Given a seed, generate the private key component of the key -- * pair. In the terminology used in the DSA specification -- * (FIPS-186) seed is the XSEED quantity. -- * -- * @param seed the seed to use to generate the private key. -- */ -- BigInteger generateX(int[] seed, BigInteger q) { -- -- /* Test vector -- int[] tseed = { 0xbd029bbe, 0x7f51960b, 0xcf9edb2b, -- 0x61f06f0f, 0xeb5a38b6 }; -- seed = tseed; -- */ -- // check out t in the spec. -- int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, -- 0x10325476, 0xC3D2E1F0 }; -- // -- -- int[] tmp = DSA.SHA_7(seed, t); -- byte[] tmpBytes = new byte[tmp.length * 4]; -- for (int i = 0; i < tmp.length; i++) { -- int k = tmp[i]; -- for (int j = 0; j < 4; j++) { -- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8))); -- } -- } -- BigInteger x = new BigInteger(1, tmpBytes).mod(q); -- return x; -- } -- -- /** -- * Generate the public key component y of the key pair. -- * -- * @param x the private key component. -- * -- * @param p the base parameter. -- */ -- BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) { -- BigInteger y = g.modPow(x, p); -- return y; -- } -- -- /** -- * Set the parameters. -- */ -- private void setParams(DSAParams params) { -- presetP = params.getP(); -- presetQ = params.getQ(); -- presetG = params.getG(); -- } -- -- /** -- * Set the parameters. -- */ -- private void setParams(DSAParameterSpec params) { -- presetP = params.getP(); -- presetQ = params.getQ(); -- presetG = params.getG(); -- } --} -diff --git a/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java b/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java -deleted file mode 100644 -index 5cd86c79..00000000 ---- a/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java -+++ /dev/null -@@ -1,298 +0,0 @@ --// --- BEGIN COPYRIGHT BLOCK --- --// This program is free software; you can redistribute it and/or modify --// it under the terms of the GNU General Public License as published by --// the Free Software Foundation; version 2 of the License. --// --// This program is distributed in the hope that it will be useful, --// but WITHOUT ANY WARRANTY; without even the implied warranty of --// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --// GNU General Public License for more details. --// --// You should have received a copy of the GNU General Public License along --// with this program; if not, write to the Free Software Foundation, Inc., --// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --// --// (C) 2007 Red Hat, Inc. --// All rights reserved. --// --- END COPYRIGHT BLOCK --- --package org.mozilla.jss.netscape.security.provider; -- --import java.math.BigInteger; --import java.security.AlgorithmParameterGeneratorSpi; --import java.security.AlgorithmParameters; --import java.security.InvalidAlgorithmParameterException; --import java.security.InvalidParameterException; --import java.security.NoSuchAlgorithmException; --import java.security.NoSuchProviderException; --import java.security.SecureRandom; --import java.security.spec.AlgorithmParameterSpec; --import java.security.spec.DSAParameterSpec; --import java.security.spec.InvalidParameterSpecException; -- --/* -- * This class generates parameters for the DSA algorithm. It uses a default -- * prime modulus size of 1024 bits, which can be overwritten during -- * initialization. -- * -- * @author Jan Luehe -- * -- * @version 1.4, 97/12/10 -- * -- * @see java.security.AlgorithmParameters -- * @see java.security.spec.AlgorithmParameterSpec -- * @see DSAParameters -- * -- * @since JDK1.2 -- */ -- --public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { -- -- // the modulus length -- private int modLen = 1024; // default -- -- // the source of randomness -- private SecureRandom random; -- -- // useful constants -- private static final BigInteger ONE = BigInteger.valueOf(1); -- private static final BigInteger TWO = BigInteger.valueOf(2); -- -- // Make a SHA-1 hash function -- private SHA sha; -- -- public DSAParameterGenerator() { -- this.sha = new SHA(); -- } -- -- /** -- * Initializes this parameter generator for a certain strength -- * and source of randomness. -- * -- * @param strength the strength (size of prime) in bits -- * @param random the source of randomness -- */ -- protected void engineInit(int strength, SecureRandom random) { -- /* -- * Bruce Schneier, "Applied Cryptography", 2nd Edition, -- * Description of DSA: -- * [...] The algorithm uses the following parameter: -- * p=a prime number L bits long, when L ranges from 512 to 1024 and is -- * a multiple of 64. [...] -- */ -- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) { -- throw new InvalidParameterException("Prime size must range from 512 to 1024 " -- + "and be a multiple of 64"); -- } -- this.modLen = strength; -- this.random = random; -- } -- -- /** -- * Initializes this parameter generator with a set of -- * algorithm-specific parameter generation values. -- * -- * @param params the set of algorithm-specific parameter generation values -- * @param random the source of randomness -- * -- * @exception InvalidAlgorithmParameterException if the given parameter -- * generation values are inappropriate for this parameter generator -- */ -- protected void engineInit(AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException { -- throw new InvalidAlgorithmParameterException("Invalid parameter"); -- } -- -- /** -- * Generates the parameters. -- * -- * @return the new AlgorithmParameters object -- */ -- protected AlgorithmParameters engineGenerateParameters() { -- AlgorithmParameters algParams = null; -- try { -- if (this.random == null) { -- this.random = new SecureRandom(); -- } -- -- BigInteger[] pAndQ = generatePandQ(this.random, this.modLen); -- BigInteger paramP = pAndQ[0]; -- BigInteger paramQ = pAndQ[1]; -- BigInteger paramG = generateG(paramP, paramQ); -- -- DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP, -- paramQ, -- paramG); -- algParams = AlgorithmParameters.getInstance("DSA", "SUN"); -- algParams.init(dsaParamSpec); -- } catch (InvalidParameterSpecException e) { -- // this should never happen -- throw new RuntimeException(e.getMessage()); -- } catch (NoSuchAlgorithmException e) { -- // this should never happen, because we provide it -- throw new RuntimeException(e.getMessage()); -- } catch (NoSuchProviderException e) { -- // this should never happen, because we provide it -- throw new RuntimeException(e.getMessage()); -- } -- -- return algParams; -- } -- -- /* -- * Generates the prime and subprime parameters for DSA, -- * using the provided source of randomness. -- * This method will generate new seeds until a suitable -- * seed has been found. -- * -- * @param random the source of randomness to generate the -- * seed -- * @param L the size of p, in bits. -- * -- * @return an array of BigInteger, with p at index 0 and -- * q at index 1. -- */ -- BigInteger[] generatePandQ(SecureRandom random, int L) { -- BigInteger[] result = null; -- byte[] seed = new byte[20]; -- -- while (result == null) { -- for (int i = 0; i < 20; i++) { -- seed[i] = (byte) random.nextInt(); -- } -- result = generatePandQ(seed, L); -- } -- return result; -- } -- -- /* -- * Generates the prime and subprime parameters for DSA. -- * -- *

The seed parameter corresponds to the SEED parameter -- * referenced in the FIPS specification of the DSA algorithm, -- * and L is the size of p, in bits. -- * -- * @param seed the seed to generate the parameters -- * @param L the size of p, in bits. -- * -- * @return an array of BigInteger, with p at index 0, -- * q at index 1, the seed at index 2, and the counter value -- * at index 3, or null if the seed does not yield suitable numbers. -- */ -- BigInteger[] generatePandQ(byte[] seed, int L) { -- -- /* Useful variables */ -- int g = seed.length * 8; -- int n = (L - 1) / 160; -- int b = (L - 1) % 160; -- -- BigInteger SEED = new BigInteger(1, seed); -- BigInteger TWOG = TWO.pow(2 * g); -- -- /* Step 2 (Step 1 is getting seed). */ -- byte[] U1 = SHA(seed); -- byte[] U2 = SHA(toByteArray((SEED.add(ONE)).mod(TWOG))); -- -- xor(U1, U2); -- byte[] U = U1; -- -- /* Step 3: For q by setting the msb and lsb to 1 */ -- U[0] |= 0x80; -- U[19] |= 1; -- BigInteger q = new BigInteger(1, U); -- -- /* Step 5 */ -- if (!q.isProbablePrime(40)) { -- return null; -- -- } else { -- BigInteger V[] = new BigInteger[n + 1]; -- BigInteger offset = TWO; -- -- /* Step 6 */ -- for (int counter = 0; counter < 4096; counter++) { -- -- /* Step 7 */ -- for (int k = 0; k <= n; k++) { -- BigInteger K = BigInteger.valueOf(k); -- BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG); -- V[k] = new BigInteger(1, SHA(toByteArray(tmp))); -- } -- -- /* Step 8 */ -- BigInteger W = V[0]; -- for (int i = 1; i < n; i++) { -- W = W.add(V[i].multiply(TWO.pow(i * 160))); -- } -- W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160))); -- -- BigInteger TWOLm1 = TWO.pow(L - 1); -- BigInteger X = W.add(TWOLm1); -- -- /* Step 9 */ -- BigInteger c = X.mod(q.multiply(TWO)); -- BigInteger p = X.subtract(c.subtract(ONE)); -- -- /* Step 10 - 13 */ -- if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(15)) { -- BigInteger[] result = { p, q, SEED, -- BigInteger.valueOf(counter) }; -- return result; -- } -- offset = offset.add(BigInteger.valueOf(n)).add(ONE); -- } -- return null; -- } -- } -- -- /* -- * Generates the g parameter for DSA. -- * -- * @param p the prime, p. -- * @param q the subprime, q. -- * -- * @param the g -- */ -- BigInteger generateG(BigInteger p, BigInteger q) { -- BigInteger h = ONE; -- BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q); -- BigInteger g = ONE; -- while (g.compareTo(TWO) < 0) { -- g = h.modPow(pMinusOneOverQ, p); -- h = h.add(ONE); -- } -- return g; -- } -- -- /* -- * Returns the SHA-1 digest of some data -- */ -- private byte[] SHA(byte[] array) { -- sha.engineReset(); -- sha.engineUpdate(array, 0, array.length); -- return sha.engineDigest(); -- } -- -- /* -- * Converts the result of a BigInteger.toByteArray call to an exact -- * signed magnitude representation for any positive number. -- */ -- private byte[] toByteArray(BigInteger bigInt) { -- byte[] result = bigInt.toByteArray(); -- if (result[0] == 0) { -- byte[] tmp = new byte[result.length - 1]; -- System.arraycopy(result, 1, tmp, 0, tmp.length); -- result = tmp; -- } -- return result; -- } -- -- /* -- * XORs U2 into U1 -- */ -- private void xor(byte[] U1, byte[] U2) { -- for (int i = 0; i < U1.length; i++) { -- U1[i] ^= U2[i]; -- } -- } --} -diff --git a/org/mozilla/jss/netscape/security/provider/MD5.java b/org/mozilla/jss/netscape/security/provider/MD5.java -deleted file mode 100644 -index d46da4fc..00000000 ---- a/org/mozilla/jss/netscape/security/provider/MD5.java -+++ /dev/null -@@ -1,378 +0,0 @@ --// --- BEGIN COPYRIGHT BLOCK --- --// This program is free software; you can redistribute it and/or modify --// it under the terms of the GNU General Public License as published by --// the Free Software Foundation; version 2 of the License. --// --// This program is distributed in the hope that it will be useful, --// but WITHOUT ANY WARRANTY; without even the implied warranty of --// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --// GNU General Public License for more details. --// --// You should have received a copy of the GNU General Public License along --// with this program; if not, write to the Free Software Foundation, Inc., --// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --// --// (C) 2007 Red Hat, Inc. --// All rights reserved. --// --- END COPYRIGHT BLOCK --- --package org.mozilla.jss.netscape.security.provider; -- --import java.security.DigestException; --import java.security.MessageDigestSpi; -- --/** -- * The MD5 class is used to compute an MD5 message digest over a given -- * buffer of bytes. It is an implementation of the RSA Data Security Inc -- * MD5 algorithim as described in internet RFC 1321. -- * -- * @version 1.24 97/12/10 -- * @author Chuck McManis -- * @author Benjamin Renaud -- */ -- --public final class MD5 extends MessageDigestSpi implements Cloneable { -- -- /** contains the computed message digest */ -- private byte[] digestBits; -- -- private int state[]; -- private long count; // bit count AND buffer[] index aid -- private byte buffer[]; -- private int transformBuffer[]; -- -- private static final int S11 = 7; -- private static final int S12 = 12; -- private static final int S13 = 17; -- private static final int S14 = 22; -- private static final int S21 = 5; -- private static final int S22 = 9; -- private static final int S23 = 14; -- private static final int S24 = 20; -- private static final int S31 = 4; -- private static final int S32 = 11; -- private static final int S33 = 16; -- private static final int S34 = 23; -- private static final int S41 = 6; -- private static final int S42 = 10; -- private static final int S43 = 15; -- private static final int S44 = 21; -- -- private static final int MD5_LENGTH = 16; -- -- /** -- * Standard constructor, creates a new MD5 instance, allocates its -- * buffers from the heap. -- */ -- public MD5() { -- init(); -- } -- -- /* ********************************************************** -- * The MD5 Functions. These are copied verbatim from -- * the RFC to insure accuracy. The results of this -- * implementation were checked against the RSADSI version. -- * ********************************************************** -- */ -- -- private int F(int x, int y, int z) { -- return ((x & y) | ((~x) & z)); -- } -- -- private int G(int x, int y, int z) { -- return ((x & z) | (y & (~z))); -- } -- -- private int H(int x, int y, int z) { -- return ((x ^ y) ^ z); -- } -- -- private int I(int x, int y, int z) { -- return (y ^ (x | (~z))); -- } -- -- private int rotateLeft(int a, int n) { -- return ((a << n) | (a >>> (32 - n))); -- } -- -- private int FF(int a, int b, int c, int d, int x, int s, int ac) { -- a += F(b, c, d) + x + ac; -- a = rotateLeft(a, s); -- a += b; -- return a; -- } -- -- private int GG(int a, int b, int c, int d, int x, int s, int ac) { -- a += G(b, c, d) + x + ac; -- a = rotateLeft(a, s); -- a += b; -- return a; -- } -- -- private int HH(int a, int b, int c, int d, int x, int s, int ac) { -- a += H(b, c, d) + x + ac; -- a = rotateLeft(a, s); -- a += b; -- return a; -- } -- -- private int II(int a, int b, int c, int d, int x, int s, int ac) { -- a += I(b, c, d) + x + ac; -- a = rotateLeft(a, s); -- a += b; -- return a; -- } -- -- /** -- * This is where the functions come together as the generic MD5 -- * transformation operation, it is called by update() which is -- * synchronized (to protect transformBuffer). It consumes sixteen -- * bytes from the buffer, beginning at the specified offset. -- */ -- void transform(byte buf[], int offset) { -- int a, b, c, d; -- int x[] = transformBuffer; -- -- a = state[0]; -- b = state[1]; -- c = state[2]; -- d = state[3]; -- -- for (int i = 0; i < 16; i++) { -- x[i] = buf[i * 4 + offset] & 0xff; -- for (int j = 1; j < 4; j++) { -- x[i] += (buf[i * 4 + j + offset] & 0xff) << (j * 8); -- } -- } -- -- /* Round 1 */ -- a = FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ -- d = FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ -- c = FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ -- b = FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ -- a = FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ -- d = FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ -- c = FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ -- b = FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ -- a = FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ -- d = FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ -- c = FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ -- b = FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ -- a = FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ -- d = FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ -- c = FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ -- b = FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ -- -- /* Round 2 */ -- a = GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ -- d = GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */ -- c = GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ -- b = GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ -- a = GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ -- d = GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ -- c = GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ -- b = GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ -- a = GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ -- d = GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ -- c = GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ -- b = GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ -- a = GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ -- d = GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ -- c = GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ -- b = GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ -- -- /* Round 3 */ -- a = HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ -- d = HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ -- c = HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ -- b = HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ -- a = HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ -- d = HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ -- c = HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ -- b = HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ -- a = HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ -- d = HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ -- c = HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ -- b = HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ -- a = HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ -- d = HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ -- c = HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ -- b = HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ -- -- /* Round 4 */ -- a = II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ -- d = II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ -- c = II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ -- b = II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ -- a = II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ -- d = II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ -- c = II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ -- b = II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ -- a = II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */ -- d = II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ -- c = II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ -- b = II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ -- a = II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ -- d = II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ -- c = II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ -- b = II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ -- -- state[0] += a; -- state[1] += b; -- state[2] += c; -- state[3] += d; -- } -- -- /** -- * Initialize the MD5 state information and reset the bit count -- * to 0. Given this implementation you are constrained to counting -- * 2^64 bits. -- */ -- public void init() { -- state = new int[4]; -- transformBuffer = new int[16]; -- synchronized (this) { -- buffer = new byte[64]; -- } -- digestBits = new byte[16]; -- count = 0; -- // Load magic initialization constants. -- state[0] = 0x67452301; -- state[1] = 0xefcdab89; -- state[2] = 0x98badcfe; -- state[3] = 0x10325476; -- for (int i = 0; i < digestBits.length; i++) -- digestBits[i] = 0; -- } -- -- protected void engineReset() { -- init(); -- } -- -- /** -- * Return the digest length in bytes -- */ -- protected int engineGetDigestLength() { -- return (MD5_LENGTH); -- } -- -- /** -- * Update adds the passed byte to the digested data. -- */ -- protected synchronized void engineUpdate(byte b) { -- int index; -- -- index = (int) ((count >>> 3) & 0x3f); -- count += 8; -- buffer[index] = b; -- if (index >= 63) { -- transform(buffer, 0); -- } -- } -- -- /** -- * Update adds the selected part of an array of bytes to the digest. -- * This version is more efficient than the byte-at-a-time version; -- * it avoids data copies and reduces per-byte call overhead. -- */ -- protected synchronized void engineUpdate(byte input[], int offset, -- int len) { -- int i; -- -- for (i = offset; len > 0;) { -- int index = (int) ((count >>> 3) & 0x3f); -- -- if (index == 0 && len > 64) { -- count += (64 * 8); -- transform(input, i); -- len -= 64; -- i += 64; -- } else { -- count += 8; -- buffer[index] = input[i]; -- if (index >= 63) -- transform(buffer, 0); -- i++; -- len--; -- } -- } -- } -- -- /** -- * Perform the final computations, any buffered bytes are added -- * to the digest, the count is added to the digest, and the resulting -- * digest is stored. After calling final you will need to call -- * init() again to do another digest. -- */ -- private void finish() { -- byte bits[] = new byte[8]; -- byte padding[]; -- int i, index, padLen; -- -- for (i = 0; i < 8; i++) { -- bits[i] = (byte) ((count >>> (i * 8)) & 0xff); -- } -- -- index = (int) (count >> 3) & 0x3f; -- padLen = (index < 56) ? (56 - index) : (120 - index); -- padding = new byte[padLen]; -- padding[0] = (byte) 0x80; -- engineUpdate(padding, 0, padding.length); -- engineUpdate(bits, 0, bits.length); -- -- for (i = 0; i < 4; i++) { -- for (int j = 0; j < 4; j++) { -- digestBits[i * 4 + j] = (byte) ((state[i] >>> (j * 8)) & 0xff); -- } -- } -- } -- -- /** -- */ -- protected byte[] engineDigest() { -- finish(); -- -- byte[] result = new byte[MD5_LENGTH]; -- System.arraycopy(digestBits, 0, result, 0, MD5_LENGTH); -- -- init(); -- -- return result; -- } -- -- /** -- */ -- protected int engineDigest(byte[] buf, int offset, int len) -- throws DigestException { -- finish(); -- -- if (len < MD5_LENGTH) -- throw new DigestException("partial digests not returned"); -- if (buf.length - offset < MD5_LENGTH) -- throw new DigestException("insufficient space in the output " + -- "buffer to store the digest"); -- -- System.arraycopy(digestBits, 0, buf, offset, MD5_LENGTH); -- -- init(); -- -- return MD5_LENGTH; -- } -- -- /* -- * Clones this object. -- */ -- public Object clone() { -- MD5 that = null; -- try { -- that = (MD5) super.clone(); -- that.state = this.state.clone(); -- that.transformBuffer = this.transformBuffer.clone(); -- that.buffer = this.buffer.clone(); -- that.digestBits = this.digestBits.clone(); -- that.count = this.count; -- return that; -- } catch (CloneNotSupportedException e) { -- } -- return that; -- } --} -diff --git a/org/mozilla/jss/netscape/security/provider/SHA.java b/org/mozilla/jss/netscape/security/provider/SHA.java -deleted file mode 100644 -index a911e386..00000000 ---- a/org/mozilla/jss/netscape/security/provider/SHA.java -+++ /dev/null -@@ -1,349 +0,0 @@ --// --- BEGIN COPYRIGHT BLOCK --- --// This program is free software; you can redistribute it and/or modify --// it under the terms of the GNU General Public License as published by --// the Free Software Foundation; version 2 of the License. --// --// This program is distributed in the hope that it will be useful, --// but WITHOUT ANY WARRANTY; without even the implied warranty of --// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --// GNU General Public License for more details. --// --// You should have received a copy of the GNU General Public License along --// with this program; if not, write to the Free Software Foundation, Inc., --// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --// --// (C) 2007 Red Hat, Inc. --// All rights reserved. --// --- END COPYRIGHT BLOCK --- --package org.mozilla.jss.netscape.security.provider; -- --import java.security.DigestException; --import java.security.MessageDigestSpi; -- --/** -- * This class implements the Secure Hash Algorithm (SHA) developed by -- * the National Institute of Standards and Technology along with the -- * National Security Agency. This is the updated version of SHA -- * fip-180 as superseded by fip-180-1. -- * -- *

-- * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable -- * implementation, as a filter for the digest stream classes. -- * -- * @version 1.30 97/12/10 -- * @author Roger Riggs -- * @author Benjamin Renaud -- */ -- --public class SHA extends MessageDigestSpi implements Cloneable { -- -- /* This private hookm controlled by the appropriate constructor, -- causes this class to implement the first version of SHA, -- as defined in FIPS 180, as opposed to FIPS 180-1. This was -- useful for DSA testing. */ -- private int version = 1; -- -- private static final int SHA_LENGTH = 20; -- -- // Buffer of int's and count of characters accumulated -- // 64 bytes are included in each hash block so the low order -- // bits of count are used to know how to pack the bytes into ints -- // and to know when to compute the block and start the next one. -- private int W[] = new int[80]; -- private long count = 0; -- private final int countmax = 64; -- private final int countmask = (countmax - 1); -- -- private int AA, BB, CC, DD, EE; -- -- SHA(int version) { -- this(); -- this.version = version; -- } -- -- /** -- * Creates a new SHA object. -- */ -- public SHA() { -- init(); -- } -- -- /** -- * Return the length of the digest in bytes -- */ -- protected int engineGetDigestLength() { -- return (SHA_LENGTH); -- } -- -- public void engineUpdate(byte b) { -- engineUpdate((int) b); -- } -- -- /** -- * Update a byte. -- * -- * @param b the byte -- */ -- private void engineUpdate(int b) { -- int word; -- int offset; -- -- /* compute word offset and bit offset within word the low bits -- of count are inverted to make put the bytes in the write -- order */ -- word = ((int) count & countmask) >>> 2; -- offset = (~(int) count & 3) << 3; -- -- W[word] = (W[word] & ~(0xff << offset)) | ((b & 0xff) << offset); -- -- /* If this is the last byte of a block, compute the partial hash */ -- if (((int) count & countmask) == countmask) { -- computeBlock(); -- } -- count++; -- } -- -- /** -- * Update a buffer. -- * -- * @param b the data to be updated. -- * @param off the start offset in the data -- * @param len the number of bytes to be updated. -- */ -- public void engineUpdate(byte b[], int off, int len) { -- int word; -- -- if ((off < 0) || (len < 0) || (off + len > b.length)) -- throw new ArrayIndexOutOfBoundsException(); -- -- // Use single writes until integer aligned -- while ((len > 0) && -- ((int) count & 3) != 0) { -- engineUpdate(b[off]); -- off++; -- len--; -- } -- -- /* Assemble groups of 4 bytes to be inserted in integer array */ -- for (; len >= 4; len -= 4, off += 4) { -- -- word = ((int) count & countmask) >> 2; -- -- W[word] = ((b[off] & 0xff) << 24) | -- ((b[off + 1] & 0xff) << 16) | -- ((b[off + 2] & 0xff) << 8) | -- ((b[off + 3] & 0xff)); -- -- count += 4; -- if (((int) count & countmask) == 0) { -- computeBlock(); -- } -- } -- -- /* Use single writes for last few bytes */ -- for (; len > 0; len--, off++) { -- engineUpdate(b[off]); -- } -- } -- -- /** -- * Resets the buffers and hash value to start a new hash. -- */ -- public void init() { -- AA = 0x67452301; -- BB = 0xefcdab89; -- CC = 0x98badcfe; -- DD = 0x10325476; -- EE = 0xc3d2e1f0; -- -- for (int i = 0; i < 80; i++) -- W[i] = 0; -- count = 0; -- } -- -- /** -- * Resets the buffers and hash value to start a new hash. -- */ -- public void engineReset() { -- init(); -- } -- -- /** -- * Computes the final hash and returns the final value as a -- * byte[20] array. The object is reset to be ready for further -- * use, as specified in the JavaSecurity MessageDigest -- * specification. -- */ -- public byte[] engineDigest() { -- byte hashvalue[] = new byte[SHA_LENGTH]; -- -- try { -- engineDigest(hashvalue, 0, hashvalue.length); -- } catch (DigestException e) { -- throw new InternalError(""); -- } -- return hashvalue; -- } -- -- /** -- * Computes the final hash and returns the final value as a -- * byte[20] array. The object is reset to be ready for further -- * use, as specified in the JavaSecurity MessageDigest -- * specification. -- */ -- public int engineDigest(byte[] hashvalue, int offset, int len) -- throws DigestException { -- -- if (len < SHA_LENGTH) -- throw new DigestException("partial digests not returned"); -- if (hashvalue.length - offset < SHA_LENGTH) -- throw new DigestException("insufficient space in the output " + -- "buffer to store the digest"); -- -- /* The number of bits before padding occurs */ -- long bits = count << 3; -- -- engineUpdate(0x80); -- -- /* Pad with zeros until length is a multiple of 448 (the last two -- 32 ints are used a holder for bits (see above). */ -- while ((int) (count & countmask) != 56) { -- engineUpdate(0); -- } -- -- W[14] = (int) (bits >>> 32); -- W[15] = (int) (bits & 0xffffffff); -- -- count += 8; -- computeBlock(); -- -- // Copy out the result -- hashvalue[offset + 0] = (byte) (AA >>> 24); -- hashvalue[offset + 1] = (byte) (AA >>> 16); -- hashvalue[offset + 2] = (byte) (AA >>> 8); -- hashvalue[offset + 3] = (byte) (AA >>> 0); -- -- hashvalue[offset + 4] = (byte) (BB >>> 24); -- hashvalue[offset + 5] = (byte) (BB >>> 16); -- hashvalue[offset + 6] = (byte) (BB >>> 8); -- hashvalue[offset + 7] = (byte) (BB >>> 0); -- -- hashvalue[offset + 8] = (byte) (CC >>> 24); -- hashvalue[offset + 9] = (byte) (CC >>> 16); -- hashvalue[offset + 10] = (byte) (CC >>> 8); -- hashvalue[offset + 11] = (byte) (CC >>> 0); -- -- hashvalue[offset + 12] = (byte) (DD >>> 24); -- hashvalue[offset + 13] = (byte) (DD >>> 16); -- hashvalue[offset + 14] = (byte) (DD >>> 8); -- hashvalue[offset + 15] = (byte) (DD >>> 0); -- -- hashvalue[offset + 16] = (byte) (EE >>> 24); -- hashvalue[offset + 17] = (byte) (EE >>> 16); -- hashvalue[offset + 18] = (byte) (EE >>> 8); -- hashvalue[offset + 19] = (byte) (EE >>> 0); -- -- engineReset(); // remove the evidence -- -- return SHA_LENGTH; -- } -- -- // Constants for each round -- private final int round1_kt = 0x5a827999; -- private final int round2_kt = 0x6ed9eba1; -- private final int round3_kt = 0x8f1bbcdc; -- private final int round4_kt = 0xca62c1d6; -- -- /** -- * Compute a the hash for the current block. -- * -- * This is in the same vein as Peter Gutmann's algorithm listed in -- * the back of Applied Cryptography, Compact implementation of -- * "old" NIST Secure Hash Algorithm. -- * -- */ -- private void computeBlock() { -- int temp, a, b, c, d, e; -- -- // The first 16 ints have the byte stream, compute the rest of -- // the buffer -- for (int t = 16; t <= 79; t++) { -- if (version == 0) { -- W[t] = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; -- } else { -- temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; -- W[t] = ((temp << 1) | (temp >>> (32 - 1))); -- } -- } -- -- a = AA; -- b = BB; -- c = CC; -- d = DD; -- e = EE; -- -- // Round 1 -- for (int i = 0; i < 20; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- ((b & c) | ((~b) & d)) + e + W[i] + round1_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 2 -- for (int i = 20; i < 40; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- (b ^ c ^ d) + e + W[i] + round2_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 3 -- for (int i = 40; i < 60; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- -- // Round 4 -- for (int i = 60; i < 80; i++) { -- temp = ((a << 5) | (a >>> (32 - 5))) + -- (b ^ c ^ d) + e + W[i] + round4_kt; -- e = d; -- d = c; -- c = ((b << 30) | (b >>> (32 - 30))); -- b = a; -- a = temp; -- } -- AA += a; -- BB += b; -- CC += c; -- DD += d; -- EE += e; -- } -- -- /* -- * Clones this object. -- */ -- public Object clone() { -- SHA that = null; -- try { -- that = (SHA) super.clone(); -- that.W = new int[80]; -- System.arraycopy(this.W, 0, that.W, 0, W.length); -- return that; -- } catch (CloneNotSupportedException e) { -- } -- return that; -- } --} -diff --git a/org/mozilla/jss/netscape/security/provider/Sun.java b/org/mozilla/jss/netscape/security/provider/Sun.java -index 94e72ef4..dd12d26d 100644 ---- a/org/mozilla/jss/netscape/security/provider/Sun.java -+++ b/org/mozilla/jss/netscape/security/provider/Sun.java -@@ -68,54 +68,11 @@ public final class Sun extends Provider { - - // AccessController.beginPrivileged(); - -- /* -- * Signature engines -- */ -- put("Signature.DSA", "org.mozilla.jss.netscape.security.provider.DSA"); -- -- put("Alg.Alias.Signature.SHA/DSA", "DSA"); -- put("Alg.Alias.Signature.SHA1/DSA", "DSA"); -- put("Alg.Alias.Signature.SHA-1/DSA", "DSA"); -- put("Alg.Alias.Signature.DSS", "DSA"); -- put("Alg.Alias.Signature.OID.1.3.14.3.2.13", "DSA"); -- put("Alg.Alias.Signature.OID.1.3.14.3.2.27", "DSA"); -- put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "DSA"); -- // the following are not according to our formal spec but -- // are still supported -- put("Alg.Alias.Signature.1.3.14.3.2.13", "DSA"); -- put("Alg.Alias.Signature.1.3.14.3.2.27", "DSA"); -- put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); -- put("Alg.Alias.Signature.SHAwithDSA", "DSA"); -- put("Alg.Alias.Signature.SHA1withDSA", "DSA"); -- -- /* -- * Key Pair Generator engines -- */ -- put("KeyPairGenerator.DSA", -- "org.mozilla.jss.netscape.security.provider.DSAKeyPairGenerator"); -- -- put("Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12", "DSA"); -- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); - // the following are not according to our formal spec but - // are still supported - put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); - put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); - -- /* -- * Digest engines -- */ -- put("MessageDigest.MD5", "org.mozilla.jss.netscape.security.provider.MD5"); -- put("MessageDigest.SHA-1", "org.mozilla.jss.netscape.security.provider.SHA"); -- -- put("Alg.Alias.MessageDigest.SHA", "SHA-1"); -- put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); -- -- /* -- * Algorithm Parameter Generator engines -- */ -- put("AlgorithmParameterGenerator.DSA", -- "org.mozilla.jss.netscape.security.provider.DSAParameterGenerator"); -- - /* - * Algorithm Parameter engines - */ --- -2.21.0 - diff --git a/SOURCES/0003-Use-specified-algorithm-for-KeyWrap.patch b/SOURCES/0003-Use-specified-algorithm-for-KeyWrap.patch new file mode 100644 index 0000000..3f598a9 --- /dev/null +++ b/SOURCES/0003-Use-specified-algorithm-for-KeyWrap.patch @@ -0,0 +1,60 @@ +From 55482c8bfa0addeb9db7b590703ba3704c5db167 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Fri, 28 Feb 2020 14:39:29 -0500 +Subject: [PATCH 2/2] Use specified algorithm for KeyWrap + +When the token-specified from of EncryptedPrivateKeyInfo.createPBE is +called, it would always request DES3_CBC_PAD as the key wrapping +algorithm, regardless of the input PBE key type. However, the other form +(with an implicit token) was correctly handling this case. + +Introduces a new KeyWrapAlgorithm method to take an OBJECT_IDENTIFIER +instead of having to convert to/from a String form. + +Signed-off-by: Alexander Scheel +--- + org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 5 ++++- + org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++-- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java +index 3113f614..3a106977 100644 +--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java ++++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java +@@ -138,7 +138,10 @@ public class KeyWrapAlgorithm extends Algorithm { + + public static KeyWrapAlgorithm fromOID(String wrapOID) throws NoSuchAlgorithmException { + OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER(wrapOID); ++ return fromOID(oid); ++ } + ++ public static KeyWrapAlgorithm fromOID(OBJECT_IDENTIFIER oid) throws NoSuchAlgorithmException { + if (oid.equals(AES_KEY_WRAP_PAD_OID)) + return AES_KEY_WRAP_PAD; + +@@ -154,6 +157,6 @@ public class KeyWrapAlgorithm extends Algorithm { + if (oid.equals(DES_CBC_PAD_OID)) + return DES_CBC_PAD; + +- throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + wrapOID); ++ throw new NoSuchAlgorithmException("Unknown Algorithm for OID: " + oid); + } + } +diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +index ebd269f3..abfc39a7 100644 +--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java ++++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +@@ -337,8 +337,8 @@ public class EncryptedPrivateKeyInfo implements ASN1Value { + } + } + +- KeyWrapper wrapper = token.getKeyWrapper( +- KeyWrapAlgorithm.DES3_CBC_PAD); ++ // wrap the key ++ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.fromOID(encAlg.toOID())); + wrapper.initWrap(key, params); + byte encrypted[] = wrapper.wrap(pri); + +-- +2.24.1 + diff --git a/SOURCES/0004-JSS-CVE-2019-14823-fix.patch b/SOURCES/0004-JSS-CVE-2019-14823-fix.patch deleted file mode 100644 index 10218a0..0000000 --- a/SOURCES/0004-JSS-CVE-2019-14823-fix.patch +++ /dev/null @@ -1,346 +0,0 @@ -From 233795b098a17269f8495fee312fe6df404a236d Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 4 Sep 2019 08:33:14 -0400 -Subject: [PATCH] Fix root certificate validation - -When the Leaf and Chain OCSP checking policy is enabled in -CryptoManager, JSS will switch to alternative certificate verification -logic in JSSL_DefaultCertAuthCallback. In this method, the root -certificate was incorrectly trusted without being verified to exist in -the trust store. - -This patch cleans up the logic in JSSL_verifyCertPKIX and makes it -more explicit in addition to fixing the error. - -Fixes CVE-2019-14823 - -Signed-off-by: Alexander Scheel ---- - org/mozilla/jss/ssl/common.c | 239 ++++++++++++++++++++--------------- - 1 file changed, 136 insertions(+), 103 deletions(-) - -diff --git a/org/mozilla/jss/ssl/common.c b/org/mozilla/jss/ssl/common.c -index 1bbfed45..2db9fda1 100644 ---- a/org/mozilla/jss/ssl/common.c -+++ b/org/mozilla/jss/ssl/common.c -@@ -904,7 +904,6 @@ finish: - } - - /* Get the trusted anchor for pkix */ -- - CERTCertificate *getRoot(CERTCertificate *cert, - SECCertUsage certUsage) - { -@@ -938,79 +937,84 @@ finish: - return root; - } - --/* Verify a cert using explicit PKIX call. -- * For now only used in OCSP AIA context. -- * The result of this call will be a full chain -- * and leaf network AIA ocsp validation. -- * The policy param will be used in the future to -- * handle more scenarios. -- */ -- --SECStatus JSSL_verifyCertPKIX(CERTCertificate *cert, -- SECCertificateUsage certificateUsage,secuPWData *pwdata, int ocspPolicy, -- CERTVerifyLog *log, SECCertificateUsage *usage) -+/* Internal helper for the below call. */ -+static SECStatus -+JSSL_verifyCertPKIXInternal(CERTCertificate *cert, -+ SECCertificateUsage certificateUsage, secuPWData *pwdata, int ocspPolicy, -+ CERTVerifyLog *log, SECCertificateUsage *usage, -+ CERTCertList *trustedCertList) - { -- -- /* put the first set of possible flags internally here first */ -- /* later there could be a more complete list to choose from */ -- /* support our hard core fetch aia ocsp policy for now */ -- -- static PRUint64 ocsp_Enabled_Hard_Policy_LeafFlags[2] = { -+ /* Put the first set of possible flags internally here first. Later -+ * there could be a more complete list to choose from; for now we only -+ * support our hard core fetch AIA OCSP policy. Note that we disable -+ * CRL fetching as Dogtag doesn't support it. Additionally, enable OCSP -+ * checking on the chained CA certificates. Since NSS/PKIX's -+ * CERT_GetClassicOCSPEnabledHardFailurePolicy doesn't do what we want, -+ * we construct the policy ourselves. */ -+ PRUint64 ocsp_Enabled_Hard_Policy_LeafFlags[2] = { - /* crl */ -- 0, -+ CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD, - /* ocsp */ - CERT_REV_M_TEST_USING_THIS_METHOD | -- CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO -+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO - }; - -- static PRUint64 ocsp_Enabled_Hard_Policy_ChainFlags[2] = { -+ PRUint64 ocsp_Enabled_Hard_Policy_ChainFlags[2] = { - /* crl */ -- 0, -+ CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD, - /* ocsp */ - CERT_REV_M_TEST_USING_THIS_METHOD | -- CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO -+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO - }; - -- static CERTRevocationMethodIndex -- ocsp_Enabled_Hard_Policy_Method_Preference = { -- cert_revocation_method_ocsp -- }; -- -- static CERTRevocationFlags ocsp_Enabled_Hard_Policy = { -- { /* leafTests */ -- 2, -- ocsp_Enabled_Hard_Policy_LeafFlags, -- 1, -- &ocsp_Enabled_Hard_Policy_Method_Preference, -- 0 }, -- { /* chainTests */ -- 2, -- ocsp_Enabled_Hard_Policy_ChainFlags, -- 1, -- &ocsp_Enabled_Hard_Policy_Method_Preference, -- 0 } -+ CERTRevocationMethodIndex ocsp_Enabled_Hard_Policy_Method_Preference[1] = { -+ cert_revocation_method_ocsp - }; - -- /* for future expansion */ -+ CERTRevocationFlags ocsp_Enabled_Hard_Policy = { -+ /* CERTRevocationTests - leafTests */ -+ { -+ /* number_of_defined_methods */ -+ 2, -+ /* cert_rev_flags_per_method */ -+ ocsp_Enabled_Hard_Policy_LeafFlags, -+ /* number_of_preferred_methods */ -+ 1, -+ /* preferred_methods */ -+ ocsp_Enabled_Hard_Policy_Method_Preference, -+ /* cert_rev_method_independent_flags */ -+ 0 -+ }, -+ /* CERTRevocationTests - chainTests */ -+ { -+ /* number_of_defined_methods */ -+ 2, -+ /* cert_rev_flags_per_method */ -+ ocsp_Enabled_Hard_Policy_ChainFlags, -+ /* number_of_preferred_methods */ -+ 1, -+ /* preferred_methods */ -+ ocsp_Enabled_Hard_Policy_Method_Preference, -+ /* cert_rev_method_independent_flags */ -+ 0 -+ } -+ }; - -- CERTValOutParam cvout[20] = {{0}}; -- CERTValInParam cvin[20] = {{0}}; -+ /* The size of these objects are defined here based upon maximum possible -+ * inputs. A dynamic allocation could reallocate based upon actual usage, -+ * however this would affect the size by at most one or two. Note that, -+ * due to the required usage of cert_pi_end/cert_po_end, these sizes are -+ * inflated by one. */ -+ CERTValOutParam cvout[3] = {{0}}; -+ CERTValInParam cvin[6] = {{0}}; - -+ int usageIndex = -1; - int inParamIndex = 0; - int outParamIndex = 0; -- CERTRevocationFlags *rev = NULL; -- -- CERTCertList *trustedCertList = NULL; -- -- PRBool fetchCerts = PR_FALSE; - -- SECCertUsage certUsage = certUsageSSLClient /* 0 */; -- - SECStatus res = SECFailure; - -- CERTCertificate *root = NULL; -- -- if(cert == NULL) { -+ if (cert == NULL) { - goto finish; - } - -@@ -1018,93 +1022,122 @@ SECStatus JSSL_verifyCertPKIX(CERTCertificate *cert, - goto finish; - } - -- /* Force the strict ocsp network check on chain -- and leaf. -- */ -- -- fetchCerts = PR_TRUE; -- rev = &ocsp_Enabled_Hard_Policy; -- -- /* fetch aia over net */ -- -+ /* Enable live AIA fetching over the network. */ - cvin[inParamIndex].type = cert_pi_useAIACertFetch; -- cvin[inParamIndex].value.scalar.b = fetchCerts; -- inParamIndex++; -- -- /* time */ -+ cvin[inParamIndex].value.scalar.b = PR_TRUE; -+ inParamIndex++; - -+ /* By setting the time to zero, we choose the current time when the -+ * check is performed. */ - cvin[inParamIndex].type = cert_pi_date; -- cvin[inParamIndex].value.scalar.time = PR_Now(); -+ cvin[inParamIndex].value.scalar.time = 0; - inParamIndex++; - -- /* flags */ -- -+ /* Force the strict OCSP check on both the leaf and its chain. */ - cvin[inParamIndex].type = cert_pi_revocationFlags; -- cvin[inParamIndex].value.pointer.revocation = rev; -+ cvin[inParamIndex].value.pointer.revocation = &ocsp_Enabled_Hard_Policy; - inParamIndex++; - -- /* establish trust anchor */ -- -- /* We need to convert the SECCertificateUsage to a SECCertUsage to obtain -- * the root. -- */ -- -- SECCertificateUsage testUsage = certificateUsage; -- while (0 != (testUsage = testUsage >> 1)) { certUsage++; } -- -- root = getRoot(cert,certUsage); -- -- /* Try to add the root as the trust anchor so all the -- other memebers of the ca chain will get validated. -- */ -- -- if( root != NULL ) { -- trustedCertList = CERT_NewCertList(); -- CERT_AddCertToListTail(trustedCertList, root); -- -+ /* Establish a trust anchor if it is passed to us. NOTE: this trust anchor -+ * must previously be validated before it is passed to us here. */ -+ if (trustedCertList != NULL) { - cvin[inParamIndex].type = cert_pi_trustAnchors; - cvin[inParamIndex].value.pointer.chain = trustedCertList; -- - inParamIndex++; - } - -+ /* Done establishing input parameters. */ - cvin[inParamIndex].type = cert_pi_end; - -- if(log != NULL) { -+ /* When we need to log rationale for failure, pass it as an output -+ * parameter. */ -+ if (log != NULL) { - cvout[outParamIndex].type = cert_po_errorLog; - cvout[outParamIndex].value.pointer.log = log; - outParamIndex ++; - } - -- int usageIndex = 0; -- if(usage != NULL) { -+ /* When we need to inquire about the resulting certificate usage, pass it -+ * here. */ -+ if (usage != NULL) { - usageIndex = outParamIndex; - cvout[outParamIndex].type = cert_po_usages; - cvout[outParamIndex].value.scalar.usages = 0; - outParamIndex ++; - } - -+ /* Done establishing output parameters. */ - cvout[outParamIndex].type = cert_po_end; - -+ /* Call into NSS's PKIX library to validate our certificate. */ - res = CERT_PKIXVerifyCert(cert, certificateUsage, cvin, cvout, &pwdata); - - finish: -- /* clean up any trusted cert list */ -- -+ /* Clean up any certificates in the trusted certificate list. This was -+ * a passed input parameter, but by taking ownership of it and clearing it, -+ * we enable tail calls to this function. */ - if (trustedCertList) { -+ /* CERT_DestroyCertList destroys interior certs for us. */ - CERT_DestroyCertList(trustedCertList); - trustedCertList = NULL; - } - -- /* CERT_DestroyCertList destroys interior certs for us. */ -- -- if(root) { -- root = NULL; -- } -- -- if(res == SECSuccess && usage) { -+ if (res == SECSuccess && usage && usageIndex != -1) { - *usage = cvout[usageIndex].value.scalar.usages; - } - - return res; - } -+ -+/* Verify a cert using an explicit PKIX call. For now only perform this call -+ * when the OCSP policy is set to leaf and chain. Performs a blocking, online -+ * OCSP status refresh. The result of this call will be a full-chain OCSP -+ * validation. -+ * -+ * In the future, we'll use ocspPolicy to condition around additional policies -+ * and handle them all with this method (and a call to PKIX). -+ * -+ * Note that this currently requires the certificate to be added directly -+ * to the NSS DB. We can't otherwise validate against root certificates in -+ * the default NSS DB. -+ */ -+SECStatus JSSL_verifyCertPKIX(CERTCertificate *cert, -+ SECCertificateUsage certificateUsage, secuPWData *pwdata, int ocspPolicy, -+ CERTVerifyLog *log, SECCertificateUsage *usage) -+{ -+ SECCertUsage certUsage = certUsageSSLClient /* 0 */; -+ -+ /* We need to convert the SECCertificateUsage to a SECCertUsage to obtain -+ * the root. -+ */ -+ -+ SECCertificateUsage testUsage = certificateUsage; -+ while (0 != (testUsage = testUsage >> 1)) { certUsage++; } -+ -+ CERTCertificate *root = getRoot(cert, certUsage); -+ -+ // Two cases: either the root is present, or it isn't. -+ if (root == NULL) { -+ /* In this case, we've had a hard time finding the root. In all -+ * likelihood, the following call will fail to validate the end cert -+ * as well and thus fail to validate. I don't believe there's a risk -+ * in trying it however. */ -+ return JSSL_verifyCertPKIXInternal(cert, certificateUsage, pwdata, -+ ocspPolicy, log, usage, NULL); -+ } else { -+ /* In this case, we've found the root certificate. Before passing it -+ * to the leaf, explicitly validate it with strict OCSP checking. Then -+ * validate the leaf certificate with a known and trusted root -+ * certificate. */ -+ SECStatus ret = JSSL_verifyCertPKIXInternal(root, certificateUsageSSLCA, -+ pwdata, ocspPolicy, log, usage, NULL); -+ if (ret != SECSuccess) { -+ return ret; -+ } -+ -+ CERTCertList *rootList = CERT_NewCertList(); -+ CERT_AddCertToListTail(rootList, root); -+ return JSSL_verifyCertPKIXInternal(cert, certificateUsage, pwdata, -+ ocspPolicy, log, usage, rootList); -+ } -+} --- -2.21.0 - diff --git a/SOURCES/0004-Remove-token-key-checks.patch b/SOURCES/0004-Remove-token-key-checks.patch new file mode 100644 index 0000000..7353cce --- /dev/null +++ b/SOURCES/0004-Remove-token-key-checks.patch @@ -0,0 +1,112 @@ +From a3a91a8e85d7f05de3c85b0ae6ad1c80cf7c5b55 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Tue, 17 Mar 2020 12:54:49 -0400 +Subject: [PATCH 1/2] Remove token key checks + +Previously we enforced strict token key matching: the primary key used +for the operation must strictly reside on the current PKCS#11 token, +otherwise JSS would bail. However, NSS has the ability to move the key +to whichever token best supports the given operation. This means that +we'd prematurely bail when the operation would succeed if it were +actually executed. By removing these checks, we still leave the ability +to generate keys on a specific token, we just allow them to be used on +whatever token supports the given operation (and the key is allowed to +be moved to). + +Signed-off-by: Alexander Scheel +--- + org/mozilla/jss/pkcs11/PK11Cipher.java | 4 ---- + org/mozilla/jss/pkcs11/PK11KeyWrapper.java | 22 ------------------- + org/mozilla/jss/pkcs11/PK11MessageDigest.java | 7 ------ + 3 files changed, 33 deletions(-) + +diff --git a/org/mozilla/jss/pkcs11/PK11Cipher.java b/org/mozilla/jss/pkcs11/PK11Cipher.java +index 81b600a4..aac411a4 100644 +--- a/org/mozilla/jss/pkcs11/PK11Cipher.java ++++ b/org/mozilla/jss/pkcs11/PK11Cipher.java +@@ -262,10 +262,6 @@ public final class PK11Cipher extends org.mozilla.jss.crypto.Cipher { + if( key==null ) { + throw new InvalidKeyException("Key is null"); + } +- if( ! key.getOwningToken().equals(token) ) { +- throw new InvalidKeyException("Key does not reside on the "+ +- "current token"); +- } + if( ! (key instanceof PK11SymKey) ) { + throw new InvalidKeyException("Key is not a PKCS #11 key"); + } +diff --git a/org/mozilla/jss/pkcs11/PK11KeyWrapper.java b/org/mozilla/jss/pkcs11/PK11KeyWrapper.java +index 28840a87..eee2984d 100644 +--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.java ++++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.java +@@ -168,10 +168,6 @@ public final class PK11KeyWrapper implements KeyWrapper { + throw new InvalidKeyException("Key is null"); + } + try { +- if( ! key.getOwningToken().equals(token) ) { +- throw new InvalidKeyException("Key does not reside on the current token: key owning token="+ +- key.getOwningToken().getName()); +- } + if( ! (key instanceof PK11SymKey) ) { + throw new InvalidKeyException("Key is not a PKCS #11 key"); + } +@@ -196,10 +192,6 @@ public final class PK11KeyWrapper implements KeyWrapper { + if( key==null ) { + throw new InvalidKeyException("Key is null"); + } +- if( ! key.getOwningToken().equals(token) ) { +- throw new InvalidKeyException("Key does not reside on the "+ +- "current token"); +- } + if( ! (key instanceof PK11PrivKey) ) { + throw new InvalidKeyException("Key is not a PKCS #11 key"); + } +@@ -299,13 +291,6 @@ public final class PK11KeyWrapper implements KeyWrapper { + throw new InvalidKeyException("key to be wrapped is not a "+ + "PKCS #11 key"); + } +-/* NSS is capable of moving keys appropriately, +- so this call is prematurely bailing +- if( ! symKey.getOwningToken().equals(token) ) { +- throw new InvalidKeyException("key to be wrapped does not live"+ +- " on the same token as the wrapping key"); +- } +-*/ + } + + /** +@@ -320,13 +305,6 @@ public final class PK11KeyWrapper implements KeyWrapper { + throw new InvalidKeyException("key to be wrapped is not a "+ + "PKCS #11 key"); + } +-/* NSS is capable of moving keys appropriately, +- so this call is prematurely bailing +- if( ! privKey.getOwningToken().equals(token) ) { +- throw new InvalidKeyException("key to be wrapped does not live"+ +- " on the same token as the wrapping key"); +- } +-*/ + } + + /** +diff --git a/org/mozilla/jss/pkcs11/PK11MessageDigest.java b/org/mozilla/jss/pkcs11/PK11MessageDigest.java +index cd732788..7a1a6dad 100644 +--- a/org/mozilla/jss/pkcs11/PK11MessageDigest.java ++++ b/org/mozilla/jss/pkcs11/PK11MessageDigest.java +@@ -47,13 +47,6 @@ public final class PK11MessageDigest extends JSSMessageDigest { + } + + hmacKey = (PK11SymKey) key; +- +- if( ! key.getOwningToken().equals(token) ) { +- hmacKey = null; +- throw new InvalidKeyException( +- "HMAC key does not live on the same token as this digest"); +- } +- + this.digestProxy = initHMAC(token, alg, hmacKey); + } + +-- +2.25.1 + diff --git a/SOURCES/0005-Add-helper-to-run-a-single-test-case.patch b/SOURCES/0005-Add-helper-to-run-a-single-test-case.patch deleted file mode 100644 index 586a687..0000000 --- a/SOURCES/0005-Add-helper-to-run-a-single-test-case.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 7d1c481e947edf0786223ef43a359c8d5771a214 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 28 Aug 2019 09:23:41 -0400 -Subject: [PATCH 1/3] Add helper to run a single test case - -run_test.sh.in is templated by CMake to build/run_test.sh, fully -configured to your test execution environment. In particular, it writes -the classpath and loads the JSS native library. - -Signed-off-by: Alexander Scheel ---- - cmake/JSSConfig.cmake | 29 +++++++++++++++++++---------- - tools/run_test.sh.in | 15 +++++++++++++++ - 2 files changed, 34 insertions(+), 10 deletions(-) - create mode 100755 tools/run_test.sh.in - -diff --git a/cmake/JSSConfig.cmake b/cmake/JSSConfig.cmake -index 27b2a9bf..6295a6e3 100644 ---- a/cmake/JSSConfig.cmake -+++ b/cmake/JSSConfig.cmake -@@ -13,6 +13,9 @@ macro(jss_config) - - # Configure java-related flags - jss_config_java() -+ -+ # Template auto-generated files -+ jss_config_template() - endmacro() - - macro(jss_config_version MAJOR MINOR PATCH BETA) -@@ -45,16 +48,6 @@ macro(jss_config_version MAJOR MINOR PATCH BETA) - set(JSS_VERSION "${JSS_VERSION} beta ${JSS_VERSION_BETA}") - set(JSS_VERSION_STR "${JSS_VERSION_STR}_b${JSS_VERSION_BETA}") - endif() -- -- # Template files -- configure_file( -- "${PROJECT_SOURCE_DIR}/org/mozilla/jss/util/jssver.h.in" -- "${PROJECT_SOURCE_DIR}/org/mozilla/jss/util/jssver.h" -- ) -- configure_file( -- "${PROJECT_SOURCE_DIR}/lib/MANIFEST.MF.in" -- "${CMAKE_BINARY_DIR}/MANIFEST.MF" -- ) - endmacro() - - macro(jss_config_outputs) -@@ -326,3 +319,19 @@ macro(jss_config_java) - math(EXPR JSS_TEST_PORT_CLIENTAUTH ${JSS_BASE_PORT}+0) - math(EXPR JSS_TEST_PORT_CLIENTAUTH_FIPS ${JSS_BASE_PORT}+1) - endmacro() -+ -+macro(jss_config_template) -+ # Template files -+ configure_file( -+ "${PROJECT_SOURCE_DIR}/org/mozilla/jss/util/jssver.h.in" -+ "${PROJECT_SOURCE_DIR}/org/mozilla/jss/util/jssver.h" -+ ) -+ configure_file( -+ "${PROJECT_SOURCE_DIR}/lib/MANIFEST.MF.in" -+ "${CMAKE_BINARY_DIR}/MANIFEST.MF" -+ ) -+ configure_file( -+ "${PROJECT_SOURCE_DIR}/tools/run_test.sh.in" -+ "${CMAKE_BINARY_DIR}/run_test.sh" -+ ) -+endmacro() -diff --git a/tools/run_test.sh.in b/tools/run_test.sh.in -new file mode 100755 -index 00000000..60233c05 ---- /dev/null -+++ b/tools/run_test.sh.in -@@ -0,0 +1,15 @@ -+#!/bin/bash -+ -+# This utility gets templated to build/run_test.sh to help with running a -+# single test after building JSS. This gives the caller more flexibility -+# with command line arguments and ensures that the correct build artifacts -+# get used. -+ -+export LD_LIBRARY_PATH="${CMAKE_BINARY_DIR}" -+ -+if [ "$1" == "--gdb" ]; then -+ shift -+ gdb --args "${Java_JAVA_EXECUTABLE}" -classpath "${TEST_CLASSPATH}" -ea -Djava.library.path="${CMAKE_BINARY_DIR}" "$@" -+else -+ "${Java_JAVA_EXECUTABLE}" -classpath "${TEST_CLASSPATH}" -ea -Djava.library.path="${CMAKE_BINARY_DIR}" "$@" -+fi --- -2.21.0 - diff --git a/SOURCES/0006-Add-script-to-add-common-root-CAs.patch b/SOURCES/0006-Add-script-to-add-common-root-CAs.patch deleted file mode 100644 index cde61fe..0000000 --- a/SOURCES/0006-Add-script-to-add-common-root-CAs.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 61985f642b0b5cc75fc3f254ef6c99aeb56acbe2 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Thu, 29 Aug 2019 16:14:08 -0400 -Subject: [PATCH 2/3] Add script to add common root CAs - -When given an NSS DB, common_roots.sh uses the trust command to extract -the root CAs trusted by the local system and add them to said NSS DB. - -Signed-off-by: Alexander Scheel ---- - tools/common_roots.sh | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - create mode 100755 tools/common_roots.sh - -diff --git a/tools/common_roots.sh b/tools/common_roots.sh -new file mode 100755 -index 00000000..97341c4c ---- /dev/null -+++ b/tools/common_roots.sh -@@ -0,0 +1,36 @@ -+#!/bin/bash -+ -+# This script reads the contents of the OS CA bundle store, -+# /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit -+# and places the contained CAs into the specified NSS DB. -+# -+# This NSS DB is used by various JSS tests that aren't enabled -+# by default because they require an active internet connection. -+ -+nssdb="$1" -+ -+if [ -z "$nssdb" ] && [ -e "build" ]; then -+ nssdb="build/results/cadb" -+elif [ -z "$nssdb" ] && [ -e "../build" ]; then -+ nssdb="../build/results/cadb" -+else -+ echo "Must provide path to NSS DB!" 1>&2 -+ exit 1 -+fi -+ -+if [ -e "$nssdb" ]; then -+ rm -rf "$nssdb" -+fi -+ -+mkdir -p "$nssdb" -+echo "" > "$nssdb/password.txt" -+certutil -N -d "$nssdb" -f "$nssdb/password.txt" -+ -+trust extract --format=pem-bundle --filter=ca-anchors "$nssdb/complete.pem" -+ -+# From: https://serverfault.com/questions/391396/how-to-split-a-pem-file -+csplit -f "$nssdb/individual-" "$nssdb/complete.pem" '/-----BEGIN CERTIFICATE-----/' '{*}' -+ -+for cert in "$nssdb"/individual*; do -+ certutil -A -a -i "$cert" -n "$cert" -t CT,C,C -d "$nssdb" -f "$nssdb/password.txt" -+done --- -2.21.0 - diff --git a/SOURCES/0007-Add-optional-test-case-against-badssl.com.patch b/SOURCES/0007-Add-optional-test-case-against-badssl.com.patch deleted file mode 100644 index ba155f1..0000000 --- a/SOURCES/0007-Add-optional-test-case-against-badssl.com.patch +++ /dev/null @@ -1,233 +0,0 @@ -From 7b4c0fa04f5e4469fc8bc442c9f12f975c5e1610 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 28 Aug 2019 09:23:41 -0400 -Subject: [PATCH 3/3] Add optional test case against badssl.com - -badssl.com maintains a number of subdomains with valid and invalid TLS -configurations. A number of these test certificates which fail in -certain scenarios (revoked, expired, etc). Add a test runner which -validates SSLSocket's implementation against badssl.com. - -Signed-off-by: Alexander Scheel ---- - org/mozilla/jss/tests/BadSSL.java | 208 ++++++++++++++++++++++++++++++ - 1 file changed, 208 insertions(+) - create mode 100644 org/mozilla/jss/tests/BadSSL.java - -diff --git a/org/mozilla/jss/tests/BadSSL.java b/org/mozilla/jss/tests/BadSSL.java -new file mode 100644 -index 00000000..60bfe820 ---- /dev/null -+++ b/org/mozilla/jss/tests/BadSSL.java -@@ -0,0 +1,208 @@ -+package org.mozilla.jss.tests; -+ -+import org.mozilla.jss.CryptoManager; -+ -+import org.mozilla.jss.ssl.SSLSocket; -+import org.mozilla.jss.ssl.SSLSocketException; -+ -+import org.mozilla.jss.util.NativeErrcodes; -+ -+/** -+ * The BadSSL test case maintains an internal mapping from badssl.com -+ * subdomains to expected exceptions and validates they occur. -+ * -+ * Since badssl.com offers no guaranteed SLA or availability, we likely -+ * shouldn't add this site to automated tests. -+ */ -+ -+public class BadSSL { -+ public static void main(String[] args) throws Exception { -+ boolean ocsp = false; -+ -+ if (args.length < 1) { -+ System.out.println("Usage: BadSSL nssdb [LEAF_AND_CHAIN]"); -+ return; -+ } -+ -+ if (args.length >= 2 && args[1].equals("LEAF_AND_CHAIN")) { -+ System.out.println("Enabling leaf and chain policy..."); -+ ocsp = true; -+ } -+ -+ CryptoManager.initialize(args[0]); -+ CryptoManager cm = CryptoManager.getInstance(); -+ -+ if (ocsp) { -+ cm.setOCSPPolicy(CryptoManager.OCSPPolicy.LEAF_AND_CHAIN); -+ } -+ -+ -+ // Test cases which should fail due to various certificate errors. -+ testExpired(); -+ testWrongHost(); -+ testSelfSigned(); -+ testUntrustedRoot(); -+ -+ // The following test cases depend on crypto-policies or local NSS -+ // configuration. -+ testSHA1(); -+ testRC4MD5(); -+ testRC4(); -+ test3DES(); -+ testNULL(); -+ -+ // The following test cases depend on OCSP being enabled. -+ if (ocsp) { -+ testRevoked(); -+ } -+ -+ // Test cases which should pass given the correct root certs. -+ testSHA256(); -+ testSHA384(); -+ testSHA512(); -+ -+ testECC256(); -+ testECC384(); -+ -+ testRSA2048(); -+ testRSA4096(); -+ testRSA8192(); -+ -+ testExtendedValidation(); -+ } -+ -+ /* Test cases whose handshakes should fail below. */ -+ -+ public static void testExpired() throws Exception { -+ testHelper("expired.badssl.com", 443, new String[]{ "(-8181)", "has expired" }); -+ } -+ -+ public static void testWrongHost() throws Exception { -+ testHelper("wrong.host.badssl.com", 443, new String[]{ "(-12276)", "domain name does not match" }); -+ } -+ -+ public static void testSelfSigned() throws Exception { -+ testHelper("self-signed.badssl.com", 443, new String[]{ "(-8101)", "(-8156)", "type not approved", "issuer certificate is invalid" }); -+ } -+ -+ public static void testUntrustedRoot() throws Exception { -+ testHelper("untrusted-root.badssl.com", 443, new String[]{ "(-8172)", "certificate issuer has been marked as not trusted" }); -+ } -+ -+ public static void testRevoked() throws Exception { -+ testHelper("revoked.badssl.com", 443, new String[]{ "(-8180)", "has been revoked" }); -+ } -+ -+ public static void testSHA1() throws Exception { -+ testHelper("sha1-intermediate.badssl.com", 443, new String[] { "(-12286)", "Cannot communicate securely" }); -+ } -+ -+ public static void testRC4MD5() throws Exception { -+ testHelper("rc4-md5.badssl.com", 443, new String[] { "(-12286)", "Cannot communicate securely" }); -+ } -+ -+ public static void testRC4() throws Exception { -+ testHelper("rc4.badssl.com", 443, new String[] { "(-12286)", "Cannot communicate securely" }); -+ } -+ -+ public static void test3DES() throws Exception { -+ testHelper("3des.badssl.com", 443, new String[] { "(-12286)", "Cannot communicate securely" }); -+ } -+ -+ public static void testNULL() throws Exception { -+ testHelper("null.badssl.com", 443, new String[] { "(-12286)", "Cannot communicate securely" }); -+ } -+ -+ /* Test cases which should handshake successfully below. */ -+ -+ public static void testSHA256() throws Exception { -+ testHelper("sha256.badssl.com", 443); -+ } -+ -+ public static void testSHA384() throws Exception { -+ testHelper("sha384.badssl.com", 443); -+ } -+ -+ public static void testSHA512() throws Exception { -+ testHelper("sha512.badssl.com", 443); -+ } -+ -+ public static void testECC256() throws Exception { -+ testHelper("ecc256.badssl.com", 443); -+ } -+ -+ public static void testECC384() throws Exception { -+ testHelper("ecc384.badssl.com", 443); -+ } -+ -+ public static void testRSA2048() throws Exception { -+ testHelper("rsa2048.badssl.com", 443); -+ } -+ -+ public static void testRSA4096() throws Exception { -+ testHelper("rsa4096.badssl.com", 443); -+ } -+ -+ public static void testRSA8192() throws Exception { -+ testHelper("rsa8192.badssl.com", 443); -+ } -+ -+ public static void testExtendedValidation() throws Exception { -+ testHelper("extended-validation.badssl.com", 443); -+ } -+ -+ /* Test case helpers. */ -+ -+ public static void testHelper(String host, int port) throws Exception { -+ testSite(host, port); -+ System.out.println("\t...ok"); -+ } -+ -+ public static void testHelper(String host, int port, String[] substrs) throws Exception { -+ try { -+ testSite(host, port); -+ } catch (SSLSocketException sse) { -+ String actual = sse.getMessage().toLowerCase(); -+ -+ for (String expected : substrs) { -+ if (actual.contains(expected.toLowerCase())) { -+ System.out.println("\t...got expected error message."); -+ return; -+ } -+ } -+ -+ System.err.println("\tUnexpected error message: " + actual); -+ throw sse; -+ } -+ -+ throw new RuntimeException("Expected to get an exception, but didn't!"); -+ } -+ -+ public static void testHelper(String host, int port, int[] codes) throws Exception { -+ try { -+ testSite(host, port); -+ } catch (SSLSocketException sse) { -+ int actual = sse.getErrcode(); -+ for (int expected : codes) { -+ if (actual == expected) { -+ System.out.println("\t...got expected error code."); -+ return; -+ } -+ } -+ -+ System.err.println("\tUnexpected error code: " + actual); -+ throw sse; -+ } -+ -+ throw new RuntimeException("Expected to get an exception, but didn't!"); -+ } -+ -+ public static void testSite(String host, int port) throws Exception { -+ System.out.println("Testing connection to " + host + ":" + port); -+ SSLSocket sock = new SSLSocket(host, 443); -+ sock.forceHandshake(); -+ sock.shutdownOutput(); -+ sock.shutdownInput(); -+ sock.close(); -+ } -+} --- -2.21.0 - diff --git a/SPECS/jss.spec b/SPECS/jss.spec index 330bc8d..87baafc 100644 --- a/SPECS/jss.spec +++ b/SPECS/jss.spec @@ -6,8 +6,8 @@ Summary: Java Security Services (JSS) URL: http://www.dogtagpki.org/wiki/JSS License: MPLv1.1 or GPLv2+ or LGPLv2+ -Version: 4.6.0 -Release: 5%{?_timestamp}%{?_commit_id}%{?dist} +Version: 4.6.2 +Release: 4%{?_timestamp}%{?_commit_id}%{?dist} # global _phase -a1 # To generate the source tarball: @@ -25,13 +25,10 @@ Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas # \ # > jss-VERSION-RELEASE.patch # Patch: jss-VERSION-RELEASE.patch -Patch1: 0001-Disable-buffer-based-tests.patch -Patch2: 0002-Support-LD_FLAGS-from-environment.patch -Patch3: 0003-Remove-legacy-DSA-implementation.patch -Patch4: 0004-JSS-CVE-2019-14823-fix.patch -Patch5: 0005-Add-helper-to-run-a-single-test-case.patch -Patch6: 0006-Add-script-to-add-common-root-CAs.patch -Patch7: 0007-Add-optional-test-case-against-badssl.com.patch +Patch0: 0001-Fix-NativeProxy-reference-tracker.patch +Patch1: 0002-Fix-swapped-parameter-names-with-PBE.patch +Patch3: 0003-Use-specified-algorithm-for-KeyWrap.patch +Patch4: 0004-Remove-token-key-checks.patch ################################################################################ # Build Dependencies @@ -88,7 +85,6 @@ This only works with gcj. Other JREs require that JCE providers be signed. ################################################################################ Summary: Java Security Services (JSS) Javadocs -Group: Documentation Requires: jss = %{version}-%{release} %description javadoc @@ -113,6 +109,9 @@ export BUILD_OPT=1 CFLAGS="-g $RPM_OPT_FLAGS" export CFLAGS +# Check if we're in FIPS mode +modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1 + # The Makefile is not thread-safe rm -rf build && mkdir -p build && cd build %cmake \ @@ -164,14 +163,24 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} ################################################################################ %changelog +* Mon Mar 23 2020 Red Hat PKI Team 4.6.2-4 +- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing + +* Mon Mar 02 2020 Red Hat PKI Team 4.6.2-3 +- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing + +* Tue Oct 29 2019 Red Hat PKI Team 4.6.2-2 +- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations +- Rebased to JSS 4.6.2 + * Wed Sep 11 2019 Red Hat PKI Team 4.6.0-5 -- Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate +- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate * Wed Aug 14 2019 Red Hat PKI Team 4.6.0-4 - Red Hat Bugzilla #1698059 - pki-core implements crypto * Tue Jul 16 2019 Red Hat PKI Team 4.6.0-3 -- Red Hat Bugilla #1721135 - JSS - LD_FLAGS support +- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support * Wed Jun 12 2019 Red Hat PKI Team 4.6.0-2 - Minor updates to release