diff --git a/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch b/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch
new file mode 100644
index 0000000..435dfd0
--- /dev/null
+++ b/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch
@@ -0,0 +1,196 @@
+# HG changeset patch
+# User Jack Magne <jmagne@redhat.com>
+# Date 1504307754 25200
+# Fri Sep 01 16:15:54 2017 -0700
+# Node ID eec15518fd61f1d988c25b4de589555796f9e65f
+# Parent 17d1d7b740ca5777fbcf8ee817a2f26b9c93593a
+unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping
+cfu on behalf of jmagne
+
+diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/pkcs11/PK11KeyWrapper.java
+--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.java Mon May 01 10:39:50 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.java Fri Sep 01 16:15:54 2017 -0700
+@@ -588,6 +588,8 @@
+ return EncryptionAlgorithm.RC4;
+ } else if( type == SymmetricKey.AES ) {
+ return EncryptionAlgorithm.AES_128_ECB;
++ } else if( type == SymmetricKey.SHA1_HMAC) {
++ return HMACAlgorithm.SHA1;
+ } else {
+ Assert._assert( type == SymmetricKey.RC2 );
+ return EncryptionAlgorithm.RC2_CBC;
+diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/pkcs11/PK11MessageDigest.c
+--- a/org/mozilla/jss/pkcs11/PK11MessageDigest.c Mon May 01 10:39:50 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11MessageDigest.c Fri Sep 01 16:15:54 2017 -0700
+@@ -67,19 +67,19 @@
+ }
+
+ /* copy the key, setting the CKA_SIGN attribute */
+- /*
++
+ newKey = PK11_CopySymKeyForSigning(origKey, mech);
++
++ /* For some key on the hsm, this call could fail, but the key may work anyway */
++
+ if( newKey == NULL ) {
+- JSS_throwMsg(env, DIGEST_EXCEPTION,
+- "Unable to set CKA_SIGN attribute on symmetric key");
+- goto finish;
++ newKey = origKey;
+ }
+- */
+
+ param.data = NULL;
+ param.len = 0;
+
+- context = PK11_CreateContextBySymKey(mech, CKA_SIGN, origKey, ¶m);
++ context = PK11_CreateContextBySymKey(mech, CKA_SIGN, newKey, ¶m);
+ if( context == NULL ) {
+ JSS_throwMsg(env, DIGEST_EXCEPTION,
+ "Unable to initialize digest context");
+@@ -88,7 +88,7 @@
+
+ contextObj = JSS_PK11_wrapCipherContextProxy(env, &context);
+ finish:
+- if(newKey) {
++ if(newKey && (newKey != origKey)) {
+ /* SymKeys are ref counted, and the context will free it's ref
+ * when it is destroyed */
+ PK11_FreeSymKey(newKey);
+diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/tests/HmacTest.java
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/org/mozilla/jss/tests/HmacTest.java Fri Sep 01 16:15:54 2017 -0700
+@@ -0,0 +1,119 @@
++
++package org.mozilla.jss.tests;
++
++
++import java.security.Key;
++import javax.crypto.Cipher;
++import javax.crypto.KeyGenerator;
++import javax.crypto.Mac;
++import javax.crypto.SecretKey;
++import javax.crypto.spec.IvParameterSpec;
++
++import org.mozilla.jss.CryptoManager;
++import org.mozilla.jss.crypto.CryptoToken;
++import org.mozilla.jss.crypto.SymmetricKey;
++
++
++public class HmacTest {
++
++ private static final String INTERNAL_KEY_STORAGE_TOKEN =
++ new CryptoManager.InitializationValues("").getInternalKeyStorageTokenDescription().trim();
++
++ private static final String NSS_DATABASE_DIR = "sql:data";
++ private static final String PROVIDER = "Mozilla-JSS";
++
++
++ public static void main(String[] args)
++ {
++
++ String algorithm = "hmac-sha1";
++
++ try {
++ configureCrypto(args);
++
++ Mac mac = Mac.getInstance(algorithm, PROVIDER);
++
++ byte[] keyData = new byte[16];
++ Key key = importHmacSha1Key(keyData);
++
++ mac.init(key);
++
++ doHMAC(mac,"Dogtag rules!");
++
++ System.out.println("Done");
++
++ System.exit(0);
++ } catch (Exception e) {
++ System.exit(1);
++ }
++ }
++
++ private static void configureCrypto(String[] args)
++ throws Exception {
++
++ CryptoManager.InitializationValues initializationValues =
++ new CryptoManager.InitializationValues(args[0]);
++
++ CryptoManager.initialize(initializationValues);
++
++ CryptoManager cryptoManager = CryptoManager.getInstance();
++
++ CryptoToken cryptoToken =
++ cryptoManager.getTokenByName(INTERNAL_KEY_STORAGE_TOKEN);
++
++ cryptoManager.setThreadToken(cryptoToken);
++ }
++
++ private static Key importHmacSha1Key(byte[] key)
++ throws Exception {
++
++ final String WRAPPING_ALGORITHM = "AES/CBC/PKCS5Padding";
++
++ Key wrappingKey = getWrappingKey();
++
++ byte[] iv = new byte[16];
++ IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
++
++ Cipher wrappingCipher = Cipher.getInstance(WRAPPING_ALGORITHM, PROVIDER);
++ wrappingCipher.init(Cipher.ENCRYPT_MODE, wrappingKey, ivParameterSpec);
++
++ byte[] wrappedKeyData = wrappingCipher.doFinal(key);
++
++ Cipher unwrappingCipher = Cipher.getInstance(WRAPPING_ALGORITHM, PROVIDER);
++ unwrappingCipher.init(Cipher.UNWRAP_MODE, wrappingKey, ivParameterSpec);
++
++ return (SecretKey) unwrappingCipher.unwrap(wrappedKeyData,
++ SymmetricKey.SHA1_HMAC.toString(),
++ Cipher.SECRET_KEY);
++ }
++
++ private static synchronized Key getWrappingKey()
++ throws Exception {
++
++ final String keyGenAlgorithm = "AES";
++ final int wrappingKeyLength = 256;
++
++ KeyGenerator keyGen = KeyGenerator.getInstance(keyGenAlgorithm, PROVIDER);
++ keyGen.init(wrappingKeyLength);
++ return keyGen.generateKey();
++ }
++
++ public static void doHMAC(Mac mozillaHmac, String clearText)
++ throws Exception {
++ byte[] mozillaHmacOut;
++
++ //Get the Mozilla HMAC
++ mozillaHmacOut = mozillaHmac.doFinal(clearText.getBytes());
++
++ if (mozillaHmacOut.length == mozillaHmac.getMacLength()) {
++ System.out.println(PROVIDER + " supports " +
++ mozillaHmac.getAlgorithm() + " and the output size is " + mozillaHmac.getMacLength());
++ } else {
++ throw new Exception("ERROR: hmac output size is " +
++ mozillaHmacOut.length + ", should be " +
++ mozillaHmac.getMacLength());
++ }
++ }
++
++
++}
+diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/tests/all.pl
+--- a/org/mozilla/jss/tests/all.pl Mon May 01 10:39:50 2017 -0700
++++ b/org/mozilla/jss/tests/all.pl Fri Sep 01 16:15:54 2017 -0700
+@@ -492,6 +492,10 @@
+ $command = "$java -cp $jss_classpath org.mozilla.jss.tests.HMACTest $testdir $pwfile";
+ run_test($testname, $command);
+
++$testname = "HMAC Unwrap";
++$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HmacTest $testdir $pwfile";
++run_test($testname, $command);
++
+ $testname = "KeyWrapping ";
+ $command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCAKeyWrap $testdir $pwfile";
+ run_test($testname, $command);
diff --git a/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch b/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch
new file mode 100644
index 0000000..529d33a
--- /dev/null
+++ b/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch
@@ -0,0 +1,22 @@
+# HG changeset patch
+# User Jack Magne <jmagne@redhat.com>
+# Date 1506640850 25200
+# Thu Sep 28 16:20:50 2017 -0700
+# Node ID 252c10f448971b7ae087bde259505abd5dc5a03a
+# Parent 3e9a5ae2149d04877dc19b117a8917c22854f8eb
+Fix: Bug 1400884 - new JSS failures: HMAC Unwrap and KeyWrapping FIPSMODE.
+
+diff --git a/org/mozilla/jss/pkcs11/KeyType.java b/org/mozilla/jss/pkcs11/KeyType.java
+--- a/org/mozilla/jss/pkcs11/KeyType.java
++++ b/org/mozilla/jss/pkcs11/KeyType.java
+@@ -204,9 +204,7 @@
+ EncryptionAlgorithm.AES_192_CBC,
+ EncryptionAlgorithm.AES_256_ECB,
+ EncryptionAlgorithm.AES_256_CBC,
+- /* AES CBC PAD is the same as AES_256_CBC_PAD */
+- /* shouldn't break backward compatibility 313798*/
+- //EncryptionAlgorithm.AES_CBC_PAD,
++ EncryptionAlgorithm.AES_CBC_PAD,
+ EncryptionAlgorithm.AES_128_CBC_PAD,
+ EncryptionAlgorithm.AES_192_CBC_PAD,
+ EncryptionAlgorithm.AES_256_CBC_PAD
diff --git a/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch b/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch
new file mode 100644
index 0000000..8f43ec5
--- /dev/null
+++ b/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch
@@ -0,0 +1,620 @@
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504894163 25200
+# Fri Sep 08 11:09:23 2017 -0700
+# Node ID 3629b598a9ce73e83c7896407e3ca820f6383750
+# Parent eec15518fd61f1d988c25b4de589555796f9e65f
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+ patch jss-ftweedal-0006-PBEKeyGenParams-allow-specifying-encryption-algorith.patch
+
+Allow specifying an target encryption algorithm in PBEKeyGenParams;
+ if the PBE algorithm does not imply a particular cipher, this is needed
+ to determine the size of the key to generate
+
+cfu for ftweedale
+
+diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/crypto/PBEKeyGenParams.java
+--- a/org/mozilla/jss/crypto/PBEKeyGenParams.java Fri Sep 01 16:15:54 2017 -0700
++++ b/org/mozilla/jss/crypto/PBEKeyGenParams.java Fri Sep 08 11:09:23 2017 -0700
+@@ -13,6 +13,7 @@
+ private Password pass;
+ private byte[] salt;
+ private int iterations;
++ private EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC;
+
+ private PBEKeyGenParams() { }
+
+@@ -40,7 +41,8 @@
+ }
+
+ /**
+- * Creates PBE parameters.
++ * Creates PBE parameters using default encryption algorithm
++ * (DES3_EDE3_CBC).
+ *
+ * @param pass The password. It will be cloned, so the
+ * caller is still responsible for clearing it. It must not be null.
+@@ -60,6 +62,33 @@
+ }
+
+ /**
++ * Creates PBE parameters using default encryption algorithm
++ * (DES3_EDE3_CBC).
++ *
++ * @param pass The password. It will be cloned, so the
++ * caller is still responsible for clearing it. It must not be null.
++ * @param salt The salt for the PBE algorithm. Will <b>not</b> be cloned.
++ * Must not be null. It is the responsibility of the caller to
++ * use the right salt length for the algorithm. Most algorithms
++ * use 8 bytes of salt.
++ * @param iterations The iteration count for the PBE algorithm.
++ * @param encAlg The encryption algorithm. This is used with SOME
++ * PBE algorithms for determining the KDF output length.
++ */
++ public PBEKeyGenParams(
++ char[] pass, byte[] salt, int iterations,
++ EncryptionAlgorithm encAlg) {
++ if (pass == null || salt == null) {
++ throw new NullPointerException();
++ }
++ this.pass = new Password((char[]) pass.clone());
++ this.salt = salt;
++ this.iterations = iterations;
++ if (encAlg != null)
++ this.encryptionAlgorithm = encAlg;
++ }
++
++ /**
+ * Returns a <b>reference</b> to the password, not a copy.
+ */
+ public Password getPassword() {
+@@ -81,6 +110,14 @@
+ }
+
+ /**
++ * The encryption algorithm is used with SOME PBE algorithms for
++ * determining the KDF output length.
++ */
++ public EncryptionAlgorithm getEncryptionAlgorithm() {
++ return encryptionAlgorithm;
++ }
++
++ /**
+ * Clears the password. This should be called when this object is no
+ * longer needed so the password is not left around in memory.
+ */
+diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/pkcs11/PK11KeyGenerator.c
+--- a/org/mozilla/jss/pkcs11/PK11KeyGenerator.c Fri Sep 01 16:15:54 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11KeyGenerator.c Fri Sep 08 11:09:23 2017 -0700
+@@ -246,9 +246,9 @@
+ *
+ */
+ JNIEXPORT jobject JNICALL
+-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE
+- (JNIEnv *env, jclass clazz, jobject token, jobject alg, jbyteArray passBA,
+- jbyteArray saltBA, jint iterationCount)
++Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE(
++ JNIEnv *env, jclass clazz, jobject token, jobject alg, jobject encAlg,
++ jbyteArray passBA, jbyteArray saltBA, jint iterationCount)
+ {
+ PK11SlotInfo *slot=NULL;
+ PK11SymKey *skey=NULL;
+@@ -299,12 +299,15 @@
+ oidTag = JSS_getOidTagFromAlg(env, alg);
+ PR_ASSERT(oidTag != SEC_OID_UNKNOWN);
+
++ SECOidTag encAlgOidTag = JSS_getOidTagFromAlg(env, encAlg);
++ PR_ASSERT(encAlgOidTag != SEC_OID_UNKNOWN);
++
+ /* create algid */
+ algid = PK11_CreatePBEV2AlgorithmID(
+ oidTag,
+- SEC_OID_DES_EDE3_CBC,
++ encAlgOidTag,
+ SEC_OID_HMAC_SHA1,
+- 168/8,
++ 0,
+ iterationCount,
+ salt);
+
+diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/pkcs11/PK11KeyGenerator.java
+--- a/org/mozilla/jss/pkcs11/PK11KeyGenerator.java Fri Sep 01 16:15:54 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11KeyGenerator.java Fri Sep 08 11:09:23 2017 -0700
+@@ -178,8 +178,9 @@
+ byte[] pwbytes=null;
+ try {
+ pwbytes = charToByte.convert( kgp.getPassword().getChars() );
+- return generatePBE(token, algorithm, pwbytes,
+- kgp.getSalt(), kgp.getIterations());
++ return generatePBE(
++ token, algorithm, kgp.getEncryptionAlgorithm(),
++ pwbytes, kgp.getSalt(), kgp.getIterations());
+ } finally {
+ if( pwbytes!=null ) {
+ Password.wipeBytes(pwbytes);
+@@ -296,7 +297,9 @@
+ * be null.
+ */
+ private static native SymmetricKey
+- generatePBE(PK11Token token, KeyGenAlgorithm algorithm, byte[] pass,
+- byte[] salt, int iterationCount) throws TokenException;
++ generatePBE(
++ PK11Token token, KeyGenAlgorithm algorithm, EncryptionAlgorithm encAlg,
++ byte[] pass, byte[] salt, int iterationCount)
++ throws TokenException;
+
+ }
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504894529 25200
+# Fri Sep 08 11:15:29 2017 -0700
+# Node ID bada1409d2bb67cd92c3b7c292b8bb4ae6388513
+# Parent 3629b598a9ce73e83c7896407e3ca820f6383750
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0007-Support-the-CKK_GENERIC_SECRET-symmetric-key-type.patch
+Subject: Support the CKK_GENERIC_SECRET symmetric key type
+From: Fraser Tweedale <ftweedal@redhat.com>
+Content-Type: text/plain
+found patch at byte 873
+message:
+Support the CKK_GENERIC_SECRET symmetric key type
+The NSS PBKDF2 generation produces a key with the CKK_GENERIC_SECRET
+key type. The underlying PKCS #11 object *does* record the intended
+encryption algorithm that was specified when generating the key via
+PK11_PBEKeyGen, but this information is not exposed via the PKCS #11
+interface. When initialising a cipher, JSS checks the key type
+against the encryption algorithm and fails if they do not match,
+which is always the case with PBKDF2-derived keys.
+
+To work around this problem, properly record the key type for
+CKK_GENERIC_SECRET keys, and update the cipher initialisation key
+type check to always accept such keys.
+
+cfu for ftweedal
+
+diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/KeyType.java
+--- a/org/mozilla/jss/pkcs11/KeyType.java Fri Sep 08 11:09:23 2017 -0700
++++ b/org/mozilla/jss/pkcs11/KeyType.java Fri Sep 08 11:15:29 2017 -0700
+@@ -242,4 +242,7 @@
+ "SHA1_HMAC"
+ );
+
++ static public final KeyType GENERIC_SECRET =
++ new KeyType(new Algorithm[] { }, "GENERIC_SECRET");
++
+ }
+diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/PK11Cipher.java
+--- a/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:09:23 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:15:29 2017 -0700
+@@ -243,8 +243,11 @@
+ }
+
+ try {
+- if( ((PK11SymKey)key).getKeyType() !=
+- KeyType.getKeyTypeFromAlgorithm(algorithm) ) {
++ KeyType keyType = ((PK11SymKey) key).getKeyType();
++ if (
++ keyType != KeyType.GENERIC_SECRET
++ && keyType != KeyType.getKeyTypeFromAlgorithm(algorithm)
++ ) {
+ throw new InvalidKeyException("Key is not the right type for"+
+ " this algorithm: " + ((PK11SymKey)key).getKeyType() + ":" + KeyType.getKeyTypeFromAlgorithm(algorithm) +";");
+ }
+diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/PK11SymKey.c
+--- a/org/mozilla/jss/pkcs11/PK11SymKey.c Fri Sep 08 11:09:23 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11SymKey.c Fri Sep 08 11:15:29 2017 -0700
+@@ -305,6 +305,9 @@
+ case CKK_DES2:
+ typeFieldName = DES3_KEYTYPE_FIELD;
+ break;
++ case CKK_GENERIC_SECRET:
++ typeFieldName = GENERIC_SECRET_KEYTYPE_FIELD;
++ break;
+ default:
+ PR_ASSERT(PR_FALSE);
+ typeFieldName = DES_KEYTYPE_FIELD;
+diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/util/java_ids.h
+--- a/org/mozilla/jss/util/java_ids.h Fri Sep 08 11:09:23 2017 -0700
++++ b/org/mozilla/jss/util/java_ids.h Fri Sep 08 11:15:29 2017 -0700
+@@ -87,6 +87,7 @@
+ #define RC2_KEYTYPE_FIELD "RC2"
+ #define SHA1_HMAC_KEYTYPE_FIELD "SHA1_HMAC"
+ #define AES_KEYTYPE_FIELD "AES"
++#define GENERIC_SECRET_KEYTYPE_FIELD "GENERIC_SECRET"
+
+ /*
+ * NativeProxy
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504894882 25200
+# Fri Sep 08 11:21:22 2017 -0700
+# Node ID 890216599f21df4c6d07815604aaac526823a892
+# Parent bada1409d2bb67cd92c3b7c292b8bb4ae6388513
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0008-PK11Cipher-improve-error-reporting.patch
+Subject: PK11Cipher: improve error reporting
+From: Fraser Tweedale <ftweedal@redhat.com>
+message:
+PK11Cipher: improve error reporting
+
+cfu for ftweedal
+
+diff -r bada1409d2bb -r 890216599f21 org/mozilla/jss/pkcs11/PK11Cipher.c
+--- a/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:15:29 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:21:22 2017 -0700
+@@ -152,7 +152,9 @@
+ /* do the operation */
+ if( PK11_CipherOp(context, outbuf, (int*)&outlen, outlen,
+ (unsigned char*)inbuf, inlen) != SECSuccess) {
+- JSS_throwMsg(env, TOKEN_EXCEPTION, "Cipher Operation failed");
++ JSS_throwMsgPrErrArg(
++ env, TOKEN_EXCEPTION, "Cipher context update failed",
++ PR_GetError());
+ goto finish;
+ }
+ PR_ASSERT(outlen >= 0);
+@@ -209,7 +211,9 @@
+ /* perform the finalization */
+ status = PK11_DigestFinal(context, outBuf, &newOutLen, outLen);
+ if( (status != SECSuccess) ) {
+- JSS_throwMsg(env, TOKEN_EXCEPTION, "Cipher operation failed on token");
++ JSS_throwMsgPrErrArg(
++ env, TOKEN_EXCEPTION, "Cipher context finalization failed",
++ PR_GetError());
+ goto finish;
+ }
+
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504895552 25200
+# Fri Sep 08 11:32:32 2017 -0700
+# Node ID d39e9b373798ea9d6ae7f35089b07143845b210e
+# Parent 890216599f21df4c6d07815604aaac526823a892
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0009-Update-AES-CBC-PAD-cipher-definitions.patch
+Subject: Update AES-CBC-PAD cipher definitions
+From: Fraser Tweedale <ftweedal@redhat.com>
+message:
+Update AES-CBC-PAD cipher definitions
+The AES_{128,192,256}_CBC_PAD EncryptionAlgorithm definitions declare
+the correct PKCS #11 cipher mechanism and padding, but do not declare
+the relevant OIDs. They are also unusable as target algorithms in
+PBE key generation because they declare a PK11_MECH instead of a
+SEC_OID_TAG.
+
+Update these algorithms definitions to declare a SEC_OID_TAG instead
+of a PK11_MECH (JSS_getOidTagFromAlg() will still return the correct
+mechanism) and declare the associated OIDs.
+
+cfu for ftweedal
+
+diff -r 890216599f21 -r d39e9b373798 org/mozilla/jss/crypto/EncryptionAlgorithm.java
+--- a/org/mozilla/jss/crypto/EncryptionAlgorithm.java Fri Sep 08 11:21:22 2017 -0700
++++ b/org/mozilla/jss/crypto/EncryptionAlgorithm.java Fri Sep 08 11:32:32 2017 -0700
+@@ -359,8 +359,10 @@
+ AES_ROOT_OID.subBranch(2), 128);
+
+ public static final EncryptionAlgorithm
+- AES_128_CBC_PAD = new EncryptionAlgorithm(CKM_AES_CBC_PAD, Alg.AES, Mode.CBC,
+- Padding.PKCS5, IVParameterSpecClasses, 16, null, 128); // no oid
++ AES_128_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_128_CBC,
++ Alg.AES, Mode.CBC,
++ Padding.PKCS5, IVParameterSpecClasses, 16,
++ AES_ROOT_OID.subBranch(2), 128);
+
+ public static final EncryptionAlgorithm
+ AES_192_ECB = new EncryptionAlgorithm(SEC_OID_AES_192_ECB,
+@@ -374,8 +376,10 @@
+ AES_ROOT_OID.subBranch(22), 192);
+
+ public static final EncryptionAlgorithm
+- AES_192_CBC_PAD = new EncryptionAlgorithm(CKM_AES_CBC_PAD, Alg.AES, Mode.CBC,
+- Padding.PKCS5, IVParameterSpecClasses, 16, null, 192); // no oid
++ AES_192_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_192_CBC,
++ Alg.AES, Mode.CBC,
++ Padding.PKCS5, IVParameterSpecClasses, 16,
++ AES_ROOT_OID.subBranch(22), 192);
+
+ public static final EncryptionAlgorithm
+ AES_256_ECB = new EncryptionAlgorithm(SEC_OID_AES_256_ECB,
+@@ -393,6 +397,9 @@
+ Padding.PKCS5, IVParameterSpecClasses, 16, null, 256); // no oid
+
+ public static final EncryptionAlgorithm
+- AES_256_CBC_PAD = AES_CBC_PAD;
++ AES_256_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_256_CBC,
++ Alg.AES, Mode.CBC,
++ Padding.PKCS5, IVParameterSpecClasses, 16,
++ AES_ROOT_OID.subBranch(42), 256);
+
+ }
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504896621 25200
+# Fri Sep 08 11:50:21 2017 -0700
+# Node ID 0b8a6e84b6c736743f2184b2b858fda6be740544
+# Parent d39e9b373798ea9d6ae7f35089b07143845b210e
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0010-PK11Cipher-use-pad-mechanism-for-algorithms-that-use.patch
+Subject: PK11Cipher: use pad mechanism for algorithms that use padding
+From: Fraser Tweedale <ftweedal@redhat.com>
+message:
+PK11Cipher: use pad mechanism for algorithms that use padding
+The PK11Cipher implementation, when initialising a cipher context,
+uses JSS_getPK11MechFromAlg() to retrieve the PKCS #11 mechanism to
+use. When a JSS EncryptionAlgorithm uses a SEC_OID_TAG, this will
+return the non-padded mechanism. Then, if the size of the data is
+not a multiple of the cipher block size, a padding error occurs.
+
+When the EncryptionAlgorithm indicates that padding is to be used,
+call PK11_GetPadMechanism() on the result of JSS_getPK11MechFromAlg()
+to get the padding variant of the mechanism.
+
+cfu for ftweedal
+
+diff -r d39e9b373798 -r 0b8a6e84b6c7 org/mozilla/jss/pkcs11/PK11Cipher.c
+--- a/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:32:32 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:50:21 2017 -0700
+@@ -24,16 +24,16 @@
+ JNIEXPORT jobject JNICALL
+ Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
+ (JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
+- jobject algObj, jbyteArray ivBA)
++ jobject algObj, jbyteArray ivBA, jboolean padded)
+ {
+ return Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
+- ( env, clazz, encrypt, keyObj, algObj, ivBA, 0);
++ ( env, clazz, encrypt, keyObj, algObj, ivBA, 0, padded);
+ }
+
+ JNIEXPORT jobject JNICALL
+ Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
+ (JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
+- jobject algObj, jbyteArray ivBA, jint keyBits)
++ jobject algObj, jbyteArray ivBA, jint keyBits, jboolean padded)
+ {
+ CK_MECHANISM_TYPE mech;
+ PK11SymKey *key=NULL;
+@@ -53,6 +53,9 @@
+ goto finish;
+ }
+
++ if (padded)
++ mech = PK11_GetPadMechanism(mech);
++
+ /* get operation type */
+ if( encrypt ) {
+ op = CKA_ENCRYPT;
+diff -r d39e9b373798 -r 0b8a6e84b6c7 org/mozilla/jss/pkcs11/PK11Cipher.java
+--- a/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:32:32 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:50:21 2017 -0700
+@@ -90,10 +90,13 @@
+ state = ENCRYPT;
+
+ if( parameters instanceof RC2ParameterSpec ) {
+- contextProxy = initContextWithKeyBits( true, key, algorithm, IV,
+- ((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
++ contextProxy = initContextWithKeyBits(
++ true, key, algorithm, IV,
++ ((RC2ParameterSpec)parameters).getEffectiveKeyBits(),
++ algorithm.isPadded());
+ } else {
+- contextProxy = initContext( true, key, algorithm, IV );
++ contextProxy = initContext(
++ true, key, algorithm, IV, algorithm.isPadded());
+ }
+ }
+
+@@ -112,10 +115,13 @@
+ state = DECRYPT;
+
+ if( parameters instanceof RC2ParameterSpec ) {
+- contextProxy = initContextWithKeyBits(false, key, algorithm, IV,
+- ((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
++ contextProxy = initContextWithKeyBits(
++ false, key, algorithm, IV,
++ ((RC2ParameterSpec)parameters).getEffectiveKeyBits(),
++ algorithm.isPadded());
+ } else {
+- contextProxy = initContext(false, key, algorithm, IV);
++ contextProxy = initContext(
++ false, key, algorithm, IV, algorithm.isPadded());
+ }
+ }
+
+@@ -182,13 +188,13 @@
+
+ private static native CipherContextProxy
+ initContext(boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg,
+- byte[] IV)
++ byte[] IV, boolean padded)
+ throws TokenException;
+
+ // This version accepts the number of effective key bits for RC2 CBC.
+ private static native CipherContextProxy
+ initContextWithKeyBits(boolean encrypt, SymmetricKey key,
+- EncryptionAlgorithm alg, byte[] IV, int keyBits)
++ EncryptionAlgorithm alg, byte[] IV, int keyBits, boolean padded)
+ throws TokenException;
+
+ private static native byte[]
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504896816 25200
+# Fri Sep 08 11:53:36 2017 -0700
+# Node ID b3b653faef8475ae03c670766429fd4dfab37a5e
+# Parent 0b8a6e84b6c736743f2184b2b858fda6be740544
+bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0012-2-Add-method-EncryptedPrivateKeyInfo.createPBES2.patch
+Subject: Add method EncryptedPrivateKeyInfo.createPBES2
+From: Fraser Tweedale <ftweedal@redhat.com>
+Content-Type: text/plain
+found patch at byte 404
+message:
+Add method EncryptedPrivateKeyInfo.createPBES2
+The createPBE method does not support PBES2 (it is necessary to know
+the desired encrypted algorithm to derive the key and build the
+parameters data). Add the createPBES2 method, which uses PBKDF2 to
+derive the symmetric key and allows the caller to specify the
+encryption algorithm.
+
+cfu for ftweedal
+
+diff -r 0b8a6e84b6c7 -r b3b653faef84 org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
+--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java Fri Sep 08 11:50:21 2017 -0700
++++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java Fri Sep 08 11:53:36 2017 -0700
+@@ -155,6 +155,100 @@
+
+
+ /**
++ * Export a private key in PBES2 format, using a random PBKDF2 salt.
++ *
++ * Token must support the CKM_PKCS5_PBKD2 mechanism.
++ *
++ * @param saltLen Length of salt in bytes (default: 16)
++ * @param kdfIterations PBKDF2 iterations (default: 2000)
++ * @param encAlg The symmetric encryption algorithm for enciphering the
++ * private key. Determines the size of derived key.
++ * @param pwd Password
++ * @param charToByteConverter The mechanism for converting the characters
++ * in the password into bytes. If null, the default mechanism
++ * will be used, which is UTF8.
++ * @param privateKeyInfo The encoded PrivateKeyInfo to be encrypted and
++ * stored in the EncryptedContentInfo.
++ */
++ public static EncryptedPrivateKeyInfo createPBES2(
++ int saltLen,
++ int kdfIterations,
++ EncryptionAlgorithm encAlg,
++ Password pwd,
++ KeyGenerator.CharToByteConverter charToByteConverter,
++ PrivateKeyInfo privateKeyInfo)
++ throws CryptoManager.NotInitializedException, NoSuchAlgorithmException,
++ InvalidKeyException, InvalidAlgorithmParameterException, TokenException,
++ CharConversionException
++ {
++ if (encAlg == null)
++ throw new IllegalArgumentException("encAlg cannot be null");
++ if (pwd == null)
++ throw new IllegalArgumentException("pwd cannot be null");
++ if (privateKeyInfo == null)
++ throw new IllegalArgumentException("privateKeyInfo cannot be null");
++
++ if (kdfIterations < 1)
++ kdfIterations = 2000;
++ if (saltLen < 1)
++ saltLen = 16;
++
++ try {
++ // generate random PBKDF2 salt
++ SecureRandom random = new SecureRandom();
++ byte salt[] = new byte[saltLen];
++ random.nextBytes(salt);
++
++ // derive symmetric key from passphrase using PBKDF2
++ CryptoManager cm = CryptoManager.getInstance();
++ CryptoToken token = cm.getInternalCryptoToken();
++ KeyGenerator kg = token.getKeyGenerator(
++ PBEAlgorithm.PBE_PKCS5_PBKDF2);
++ PBEKeyGenParams pbekgParams = new PBEKeyGenParams(
++ pwd.getChars(), salt, kdfIterations, encAlg);
++ if (charToByteConverter != null)
++ kg.setCharToByteConverter(charToByteConverter);
++ kg.initialize(pbekgParams);
++ SymmetricKey sk = kg.generate();
++
++ // encrypt PrivateKeyInfo
++ byte iv[] = new byte[encAlg.getBlockSize()];
++ random.nextBytes(iv);
++ Cipher cipher = token.getCipherContext(encAlg);
++ cipher.initEncrypt(sk, new IVParameterSpec(iv));
++ byte[] encData = cipher.doFinal(ASN1Util.encode(privateKeyInfo));
++
++ // construct KDF AlgorithmIdentifier
++ SEQUENCE paramsKdf = new SEQUENCE();
++ paramsKdf.addElement(new OCTET_STRING(salt));
++ paramsKdf.addElement(new INTEGER((long) kdfIterations));
++ paramsKdf.addElement(new INTEGER((long) sk.getLength()));
++ AlgorithmIdentifier algIdKdf = new AlgorithmIdentifier(
++ PBEAlgorithm.PBE_PKCS5_PBKDF2.toOID(), paramsKdf);
++
++ // construct encryption AlgorithmIdentifier
++ AlgorithmIdentifier algIdEnc = new AlgorithmIdentifier(
++ encAlg.toOID(), new OCTET_STRING(iv));
++
++ // construct "composite" PBES2 AlgorithmIdentifier
++ SEQUENCE paramsPBES2 = new SEQUENCE();
++ paramsPBES2.addElement(algIdKdf);
++ paramsPBES2.addElement(algIdEnc);
++ AlgorithmIdentifier algIdPBES2 = new AlgorithmIdentifier(
++ PBEAlgorithm.PBE_PKCS5_PBES2.toOID(), paramsPBES2);
++
++ // construct EncryptedPrivateKeyInfo
++ return new EncryptedPrivateKeyInfo(algIdPBES2, new OCTET_STRING(encData));
++ } catch (IllegalBlockSizeException e) {
++ Assert.notReached("IllegalBlockSizeException in EncryptedContentInfo.createPBES2");
++ } catch (BadPaddingException e) {
++ Assert.notReached("BadPaddingException in EncryptedContentInfo.createPBES2");
++ }
++ return null; // unreachable
++ }
++
++
++ /**
+ * Creates a new EncryptedPrivateKeyInfo, where the data is encrypted
+ * with a password-based key-
+ * with wrapping/unwrapping happening on token.
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1504896964 25200
+# Fri Sep 08 11:56:04 2017 -0700
+# Node ID 87dca07f7529463398734d1279bcfd7023a43d4c
+# Parent b3b653faef8475ae03c670766429fd4dfab37a5e
+Bug 1370778 PBE and padded block cipher enhancements and fixes -
+patch jss-ftweedal-0013-Improve-error-reporting.patch
+Subject: Improve error reporting
+From: Fraser Tweedale <ftweedal@redhat.com>
+Content-Type: text/plain
+found patch at byte 157
+message:
+Improve error reporting
+
+cfu for ftweedal
+
+diff -r b3b653faef84 -r 87dca07f7529 org/mozilla/jss/pkcs11/PK11KeyWrapper.c
+--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c Fri Sep 08 11:53:36 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c Fri Sep 08 11:56:04 2017 -0700
+@@ -251,9 +251,7 @@
+ status = PK11_WrapPrivKey(slot, wrapping, toBeWrapped, mech, param,
+ &wrapped, NULL /* wincx */ );
+ if(status != SECSuccess) {
+- char err[256] = {0};
+- PR_snprintf(err, 256, "Wrapping operation failed on token:%d", PR_GetError());
+- JSS_throwMsg(env, TOKEN_EXCEPTION, err);
++ JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Wrapping operation failed on token");
+ goto finish;
+ }
+ PR_ASSERT(wrapped.len>0 && wrapped.data!=NULL);
+@@ -450,8 +448,8 @@
+ attribs, numAttribs, NULL /*wincx*/);
+ if( privk == NULL ) {
+ char err[256] = {0};
+- PR_snprintf(err, 256, "Key Unwrap failed on token:error=%d, keyType=%d", PR_GetError(), keyType);
+- JSS_throwMsg(env, TOKEN_EXCEPTION, err);
++ PR_snprintf(err, 256, "Key Unwrap failed on token; keyType=%d", keyType);
++ JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, err);
+ goto finish;
+ }
+
+diff -r b3b653faef84 -r 87dca07f7529 org/mozilla/jss/pkcs11/PK11Store.c
+--- a/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:53:36 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:56:04 2017 -0700
+@@ -734,7 +734,7 @@
+ PR_TRUE /* isperm */, PR_TRUE /* isprivate */,
+ pubKey->keyType, keyUsage, NULL /* wincx */);
+ if (result != SECSuccess) {
+- JSS_throwMsg(
++ JSS_throwMsgPrErr(
+ env, TOKEN_EXCEPTION,
+ "Failed to import EncryptedPrivateKeyInfo to token");
+ goto finish;
diff --git a/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch b/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch
new file mode 100644
index 0000000..fb93dc0
--- /dev/null
+++ b/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Fraser Tweedale<ftweedale@redhat.com>
+# Date 1505175862 25200
+# Mon Sep 11 17:24:22 2017 -0700
+# Node ID 3e9a5ae2149d04877dc19b117a8917c22854f8eb
+# Parent 87dca07f7529463398734d1279bcfd7023a43d4c
+Bug 1371147 PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails -
+patch jss-ftweedal-0011-Don-t-crash-if-PK11_ExportEncryptedPrivKeyInfo-retur.patch
+Subject: Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL
+From: Fraser Tweedale <ftweedal@redhat.com>
+Content-Type: text/plain
+found patch at byte 239
+message:
+Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL
+PK11_ExportEncryptedPrivKeyInfo returning NULL is not being handled
+properly, causing segfault. Detect this condition and raise a
+TokenException instead.
+
+cfu for ftweedal
+
+diff -r 87dca07f7529 -r 3e9a5ae2149d org/mozilla/jss/pkcs11/PK11Store.c
+--- a/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:56:04 2017 -0700
++++ b/org/mozilla/jss/pkcs11/PK11Store.c Mon Sep 11 17:24:22 2017 -0700
+@@ -581,6 +581,11 @@
+ // export the epki
+ epki = PK11_ExportEncryptedPrivKeyInfo(
+ slot, algTag, pwItem, privk, iterations, NULL /*wincx*/);
++ if (epki == NULL) {
++ JSS_throwMsgPrErr(
++ env, TOKEN_EXCEPTION, "Failed to export EncryptedPrivateKeyInfo");
++ goto finish;
++ }
+
+ // DER-encode the epki
+ if (SEC_ASN1EncodeItem(NULL, &epkiItem, epki,
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index 07214f3..ec2a94b 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -1,6 +1,7 @@
Name: jss
Version: 4.4.0
-Release: 7%{?dist}
+#Release: 8%{?dist}
+Release: 9.el7_4
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@@ -34,6 +35,10 @@ Requires: nss >= 3.28.4-6
Patch1: jss-post-rebase.patch
Patch2: jss-rhel-7-4-beta.patch
+Patch3: jss-HMAC-test-for-AES-encrypt-unwrap.patch
+Patch4: jss-PBE-padded-block-cipher-enhancements.patch
+Patch5: jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch
+Patch6: jss-HMAC-unwrap-keywrap-FIPSMODE.patch
%description
Java Security Services (JSS) is a java native interface which provides a bridge
@@ -53,6 +58,10 @@ This package contains the API documentation for JSS.
pushd jss
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
popd
%build
@@ -145,6 +154,18 @@ rm -rf $RPM_BUILD_ROOT
%{_javadocdir}/%{name}-%{version}/*
%changelog
+* Fri Oct 27 2017 Dogtag Team <pki-devel@redhat.com> 4.4.0-9
+- Bugzilla #1505690 - new JSS failures: HMAC Unwrap and KeyWrapping
+ FIPSMODE [rhel-7.4.z] (jmagne)
+
+* Mon Sep 11 2017 Dogtag Team <pki-devel@redhat.com> 4.4.0-8
+- Bugzilla #1488846 - Fix HmacTest code for AES encrypt/unwrap [rhel-7.4.z]
+ (jmagne)
+- Bugzilla #1490494 - PKCS12: (JSS) upgrade to at least AES and SHA2 (FIPS)
+ [RHEL-7.4.z] (ftweedal)
+- Bugzilla #1490740 - PK11Store.getEncryptedPrivateKeyInfo() segfault if
+ export fails [rhel-7.4.z] (ftweedal)
+
* Tue May 9 2017 Matthew Harmsen <mharmsen@redhat.com> - 4.4.0-7
- Bump NSS dependencies from 4.28.3 to 4.28.4-6 to pick-up fix in
Mozilla Bugzilla #1360207 - Fix incorrect if (ss->...) in SSL_ReconfigFD