rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-3.66-restore-old-pkcs12-default.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   55ed906f68d0cf1141c193bc5f3acfc6a21f43f1
  2.   SOURCES
  3.   nss-3.66-restore-old-pkcs12-default.patch
Blob History Raw
1b57e1 
diff -up ./cmd/pk12util/pk12util.c.orig ./cmd/pk12util/pk12util.c
1b57e1 
--- ./cmd/pk12util/pk12util.c.orig	2021-05-28 02:50:43.000000000 -0700
1b57e1 
+++ ./cmd/pk12util/pk12util.c	2021-06-15 17:05:37.200262345 -0700
1b57e1 
@@ -1031,9 +1031,11 @@ main(int argc, char **argv)
1b57e1 
     char *export_file = NULL;
1b57e1 
     char *dbprefix = "";
1b57e1 
     SECStatus rv;
1b57e1 
-    SECOidTag cipher = SEC_OID_AES_256_CBC;
1b57e1 
-    SECOidTag hash = SEC_OID_SHA256;
1b57e1 
-    SECOidTag certCipher = SEC_OID_AES_128_CBC;
1b57e1 
+    SECOidTag cipher =
1b57e1 
+        SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
1b57e1 
+    SECOidTag hash = SEC_OID_SHA1;
1b57e1 
+    SECOidTag certCipher =
1b57e1 
+        SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
1b57e1 
     int keyLen = 0;
1b57e1 
     int certKeyLen = 0;
1b57e1 
     secuCommand pk12util;
1b57e1 
@@ -1147,6 +1149,9 @@ main(int argc, char **argv)
1b57e1 
         }
1b57e1 
     }
1b57e1
1b57e1 
+    if (PK11_IsFIPS()) {
1b57e1 
+        certCipher =  SEC_OID_UNKNOWN;
1b57e1 
+    }
1b57e1 
     if (pk12util.options[opt_CertCipher].activated) {
1b57e1 
         char *cipherString = pk12util.options[opt_CertCipher].arg;
1b57e1
1b57e1 
diff -up ./tests/tools/tools.sh.orig ./tests/tools/tools.sh
1b57e1 
--- ./tests/tools/tools.sh.orig	2021-06-15 17:06:27.650564449 -0700
1b57e1 
+++ ./tests/tools/tools.sh	2021-06-15 17:07:59.934117192 -0700
1b57e1 
@@ -47,9 +47,9 @@
1b57e1 
 "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"
1b57e1
1b57e1 
   # if we change the defaults in pk12util, update these variables
1b57e1 
-  export CERT_ENCRYPTION_DEFAULT="AES-128-CBC"
1b57e1 
-  export KEY_ENCRYPTION_DEFAULT="AES-256-CBC"
1b57e1 
-  export HASH_DEFAULT="SHA-256"
1b57e1 
+  export CERT_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1And40BitRc2Cbc}
1b57e1 
+  export KEY_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1AndTripleDESCBC}
1b57e1 
+  export HASH_DEFAULT="SHA-1"
1b57e1
1b57e1 
   export PKCS5v1_PBE_CIPHERS="${pkcs5pbeWithMD2AndDEScbc},\
1b57e1 
 ${pkcs5pbeWithMD5AndDEScbc},\

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation