diff --git a/.gitignore b/.gitignore
index 9f715bd..8cd8873 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,7 @@ SOURCES/cert8.db.xml
SOURCES/cert9.db.xml
SOURCES/key3.db.xml
SOURCES/key4.db.xml
-SOURCES/nss-3.36.0.tar.gz
+SOURCES/nss-3.44.tar.gz
SOURCES/nss-config.xml
SOURCES/secmod.db.xml
SOURCES/setup-nsssysinit.xml
diff --git a/.nss.metadata b/.nss.metadata
index 542343e..829bbd4 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -10,7 +10,7 @@ bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml
24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
-e9d8137e035efed17bd0ca12db497dbeff9b828e SOURCES/nss-3.36.0.tar.gz
+44a83b1bf4efd27605177ecdbf217e579ae8c8ae SOURCES/nss-3.44.tar.gz
2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
bcbe05281b38d843273f91ae3f9f19f70c7d97b3 SOURCES/setup-nsssysinit.xml
diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
index 527b312..99a0919 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
@@ -1,19 +1,21 @@
diff -up nss/lib/ssl/config.mk.disableSSL2libssl nss/lib/ssl/config.mk
---- nss/lib/ssl/config.mk.disableSSL2libssl 2017-01-04 15:24:24.000000000 +0100
-+++ nss/lib/ssl/config.mk 2017-01-16 10:53:47.629894929 +0100
-@@ -69,3 +69,8 @@ endif
- ifdef NSS_DISABLE_TLS_1_3
+--- nss/lib/ssl/config.mk.disableSSL2libssl 2019-03-28 10:36:01.859196244 +0100
++++ nss/lib/ssl/config.mk 2019-03-28 10:36:53.250120885 +0100
+@@ -61,6 +61,10 @@ ifdef NSS_DISABLE_TLS_1_3
DEFINES += -DNSS_DISABLE_TLS_1_3
endif
-+
+
+ifdef NSS_NO_SSL2
+DEFINES += -DNSS_NO_SSL2
+endif
+
+ ifeq (,$(filter-out DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+ CFLAGS += -std=gnu99
+ endif
diff -up nss/lib/ssl/sslsock.c.disableSSL2libssl nss/lib/ssl/sslsock.c
---- nss/lib/ssl/sslsock.c.disableSSL2libssl 2017-01-16 10:53:47.615895344 +0100
-+++ nss/lib/ssl/sslsock.c 2017-01-16 10:54:16.088051233 +0100
-@@ -1221,6 +1221,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+--- nss/lib/ssl/sslsock.c.disableSSL2libssl 2019-03-28 10:36:01.849196454 +0100
++++ nss/lib/ssl/sslsock.c 2019-03-28 10:36:01.860196223 +0100
+@@ -1363,6 +1363,10 @@ SSLExp_SetMaxEarlyDataSize(PRFileDesc *f
static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)
{
diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
index 96569b2..093bb54 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch
@@ -1,9 +1,9 @@
diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
---- nss/tests/ssl/ssl.sh.disableSSL2tests 2018-03-05 16:58:32.000000000 +0100
-+++ nss/tests/ssl/ssl.sh 2018-03-09 17:24:07.047568191 +0100
+--- nss/tests/ssl/ssl.sh.disableSSL2tests 2019-03-16 01:25:08.000000000 +0100
++++ nss/tests/ssl/ssl.sh 2019-03-28 10:39:14.254180729 +0100
@@ -68,9 +68,14 @@ ssl_init()
NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
-
+
# Test case files
- SSLCOV=${QADIR}/ssl/sslcov.txt
+ if [ "${NSS_NO_SSL2}" = "1" ]; then
@@ -42,8 +42,8 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
fi
fi
is_selfserv_alive
-@@ -275,7 +288,7 @@ ssl_cov()
- start_selfserv # Launch the server
+@@ -278,7 +291,7 @@ ssl_cov()
+ start_selfserv $CIPHER_SUITES # Launch the server
VMIN="ssl3"
- VMAX="tls1.1"
@@ -51,7 +51,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
ignore_blank_lines ${SSLCOV} | \
while read ectype testmax param testname
-@@ -283,6 +296,12 @@ ssl_cov()
+@@ -286,6 +299,12 @@ ssl_cov()
echo "${testname}" | grep "EXPORT" > /dev/null
EXP=$?
@@ -61,6 +61,6 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh
+ continue
+ fi
+
- if [ "$ectype" = "ECC" ] ; then
- echo "$SCRIPTNAME: skipping $testname (ECC only)"
- else
+ # RSA-PSS tests are handled in a separate function
+ case $testname in
+ *RSA-PSS)
diff --git a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
deleted file mode 100644
index dde5dcb..0000000
--- a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff -up nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11pars.c
---- nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/pk11pars.c 2018-03-09 17:24:39.815838810 +0100
-@@ -671,6 +671,10 @@ SECMOD_CreateModuleEx(const char *librar
-
- mod->internal = NSSUTIL_ArgHasFlag("flags", "internal", nssc);
- mod->isFIPS = NSSUTIL_ArgHasFlag("flags", "FIPS", nssc);
-+ /* if the system FIPS mode is enabled, force FIPS to be on */
-+ if (SECMOD_GetSystemFIPSEnabled()) {
-+ mod->isFIPS = PR_TRUE;
-+ }
- mod->isCritical = NSSUTIL_ArgHasFlag("flags", "critical", nssc);
- slotParams = NSSUTIL_ArgGetParamValue("slotParams", nssc);
- mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena, slotParams,
-diff -up nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11util.c
---- nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/pk11util.c 2018-03-09 17:25:46.804347730 +0100
-@@ -95,6 +95,26 @@ SECMOD_Shutdown()
- return SECSuccess;
- }
-
-+int SECMOD_GetSystemFIPSEnabled(void) {
-+#ifdef LINUX
-+ FILE *f;
-+ char d;
-+ size_t size;
-+
-+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
-+ if (!f)
-+ return 0;
-+
-+ size = fread(&d, 1, 1, f);
-+ fclose(f);
-+ if (size != 1)
-+ return 0;
-+ if (d == '1')
-+ return 1;
-+#endif
-+ return 0;
-+}
-+
- /*
- * retrieve the internal module
- */
-@@ -428,7 +448,7 @@ SECMOD_DeleteInternalModule(const char *
- SECMODModuleList **mlpp;
- SECStatus rv = SECFailure;
-
-- if (pendingModule) {
-+ if (SECMOD_GetSystemFIPSEnabled() || pendingModule) {
- PORT_SetError(SEC_ERROR_MODULE_STUCK);
- return rv;
- }
-@@ -963,7 +983,7 @@ SECMOD_CanDeleteInternalModule(void)
- #ifdef NSS_FIPS_DISABLED
- return PR_FALSE;
- #else
-- return (PRBool)(pendingModule == NULL);
-+ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
- #endif
- }
-
-diff -up nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/secmodi.h
---- nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100
-+++ nss/lib/pk11wrap/secmodi.h 2018-03-09 17:24:39.816838788 +0100
-@@ -115,6 +115,13 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
- CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
- SECItem **param, SECItem *pwd, PRBool faulty3DES);
-
-+/* Get the state of the system FIPS mode */
-+/* NSS uses this to force FIPS mode if the system bit is on. Applications which
-+ * use the SECMOD_CanDeleteInteral() to check to see if they can switch to or
-+ * from FIPS mode will automatically be told that they can't swith out of FIPS
-+ * mode */
-+int SECMOD_GetSystemFIPSEnabled();
-+
- extern void pk11sdr_Init(void);
- extern void pk11sdr_Shutdown(void);
-
diff --git a/SOURCES/nss-3.36-ipsec_cert_vfy.patch b/SOURCES/nss-3.36-ipsec_cert_vfy.patch
deleted file mode 100644
index 50d71ad..0000000
--- a/SOURCES/nss-3.36-ipsec_cert_vfy.patch
+++ /dev/null
@@ -1,820 +0,0 @@
-# HG changeset patch
-# User Robert Relyea <rrelyea@redhat.com>
-# Date 1541713180 28800
-# Thu Nov 08 13:39:40 2018 -0800
-# Node ID 0c8334a3b23372556ebedbdfe513417eb9ee55a0
-# Parent 070bebf39672054410437b0cf931e00a8920a1ff
-try: -b do -p all -u all -t all
-
-diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
---- a/cmd/certutil/certutil.c
-+++ b/cmd/certutil/certutil.c
-@@ -736,16 +736,19 @@ ValidateCert(CERTCertDBHandle *handle, c
- usage = certificateUsageVerifyCA;
- break;
- case 'C':
- usage = certificateUsageSSLClient;
- break;
- case 'V':
- usage = certificateUsageSSLServer;
- break;
-+ case 'I':
-+ usage = certificateUsageIPsec;
-+ break;
- case 'S':
- usage = certificateUsageEmailSigner;
- break;
- case 'R':
- usage = certificateUsageEmailRecipient;
- break;
- case 'J':
- usage = certificateUsageObjectSigner;
-@@ -1701,16 +1704,17 @@ luV(enum usage_level ul, const char *com
- " -n cert-name");
- FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
- " -b time");
- FPS "%-20s Check certificate signature \n",
- " -e ");
- FPS "%-20s Specify certificate usage:\n", " -u certusage");
- FPS "%-25s C \t SSL Client\n", "");
- FPS "%-25s V \t SSL Server\n", "");
-+ FPS "%-25s I \t IPsec\n", "");
- FPS "%-25s L \t SSL CA\n", "");
- FPS "%-25s A \t Any CA\n", "");
- FPS "%-25s Y \t Verify CA\n", "");
- FPS "%-25s S \t Email signer\n", "");
- FPS "%-25s R \t Email Recipient\n", "");
- FPS "%-25s O \t OCSP status responder\n", "");
- FPS "%-25s J \t Object signer\n", "");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
-diff --git a/cmd/dbck/dbrecover.c b/cmd/dbck/dbrecover.c
---- a/cmd/dbck/dbrecover.c
-+++ b/cmd/dbck/dbrecover.c
-@@ -283,17 +283,18 @@ addCertToDB(certDBEntryCert *certEntry,
- userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
- (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
- (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
- if (userCert)
- goto createcert;
-
- /* If user chooses so, ignore expired certificates. */
- allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) ||
-- (oldCert->keyUsage == certUsageSSLServerWithStepUp));
-+ (oldCert->keyUsage == certUsageSSLServerWithStepUp) ||
-+ (oldCert->keyUsage == certUsageIPsec));
- validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride);
- /* If cert expired and user wants to delete it, ignore it. */
- if ((validity != secCertTimeValid) &&
- userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
- info->dbErrors[dbInvalidCert]++;
- if (info->verbose) {
- PR_fprintf(info->out, "Deleting expired certificate:\n");
- dumpCertificate(oldCert, -1, info->out);
-diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c
---- a/cmd/ocspclnt/ocspclnt.c
-+++ b/cmd/ocspclnt/ocspclnt.c
-@@ -129,16 +129,18 @@ long_usage(char *progname)
- PR_fprintf(pr_stderr,
- " %-13s Type of certificate usage for verification:\n",
- "-u usage");
- PR_fprintf(pr_stderr,
- "%-17s c SSL Client\n", "");
- PR_fprintf(pr_stderr,
- "%-17s s SSL Server\n", "");
- PR_fprintf(pr_stderr,
-+ "%-17s I IPsec\n", "");
-+ PR_fprintf(pr_stderr,
- "%-17s e Email Recipient\n", "");
- PR_fprintf(pr_stderr,
- "%-17s E Email Signer\n", "");
- PR_fprintf(pr_stderr,
- "%-17s S Object Signer\n", "");
- PR_fprintf(pr_stderr,
- "%-17s C CA\n", "");
- PR_fprintf(pr_stderr,
-@@ -903,16 +905,19 @@ cert_usage_from_char(const char *cert_us
-
- switch (*cert_usage_str) {
- case 'c':
- *cert_usage = certUsageSSLClient;
- break;
- case 's':
- *cert_usage = certUsageSSLServer;
- break;
-+ case 'I':
-+ *cert_usage = certUsageIPsec;
-+ break;
- case 'e':
- *cert_usage = certUsageEmailRecipient;
- break;
- case 'E':
- *cert_usage = certUsageEmailSigner;
- break;
- case 'S':
- *cert_usage = certUsageObjectSigner;
-diff --git a/cmd/p7verify/p7verify.c b/cmd/p7verify/p7verify.c
---- a/cmd/p7verify/p7verify.c
-+++ b/cmd/p7verify/p7verify.c
-@@ -112,16 +112,17 @@ Usage(char *progName)
- fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " ");
- fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " ");
- fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " ");
- fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " ");
- fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " ");
- fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " ");
- fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
- fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-+ fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " ");
-
- exit(-1);
- }
-
- static int
- HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
- SECCertUsage usage, char *progName)
- {
-diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
---- a/cmd/smimetools/cmsutil.c
-+++ b/cmd/smimetools/cmsutil.c
-@@ -110,16 +110,17 @@ Usage(void)
- fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " ");
- fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " ");
- fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " ");
- fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " ");
- fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " ");
- fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " ");
- fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
- fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-+ fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " ");
-
- exit(-1);
- }
-
- struct optionsStr {
- char *pwfile;
- char *password;
- SECCertUsage certUsage;
-diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c
---- a/cmd/vfychain/vfychain.c
-+++ b/cmd/vfychain/vfychain.c
-@@ -59,17 +59,18 @@ Usage(const char *progName)
- "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n"
- "\t-p \t\t Use PKIX Library to validate certificate by calling:\n"
- "\t\t\t * CERT_VerifyCertificate if specified once,\n"
- "\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n"
- "\t-r\t\t Following certfile is raw binary DER (default)\n"
- "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
- "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
- "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
-- "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
-+ "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA,\n"
-+ "\t\t\t 12=IPsec\n"
- "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n"
- "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n"
- "\t\t\t or to trust the database if there are certificates marked -t.)\n"
- "\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
- "\t\t\t argument for whole root cert info)\n"
- "\t-w password\t Database password.\n"
- "\t-W pwfile\t Password file.\n\n"
- "\tRevocation options for PKIX API(invoked with -pp options) is a\n"
-diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
---- a/lib/certdb/certdb.c
-+++ b/lib/certdb/certdb.c
-@@ -441,16 +441,84 @@ cert_GetCertType(CERTCertificate *cert)
- nsCertType = cert_ComputeCertType(cert);
-
- /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */
- PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32));
- PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType);
- return SECSuccess;
- }
-
-+PRBool
-+cert_EKUAllowsIPsecIKE(CERTCertificate *cert, PRBool *isCritical)
-+{
-+ SECStatus rv;
-+ SECItem encodedExtKeyUsage;
-+ CERTOidSequence *extKeyUsage = NULL;
-+ PRBool result = PR_FALSE;
-+
-+ rv = CERT_GetExtenCriticality(cert->extensions,
-+ SEC_OID_X509_EXT_KEY_USAGE,
-+ isCritical);
-+ if (rv != SECSuccess) {
-+ *isCritical = PR_FALSE;
-+ }
-+
-+ encodedExtKeyUsage.data = NULL;
-+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
-+ &encodedExtKeyUsage);
-+ if (rv != SECSuccess) {
-+ /* EKU not present, allowed. */
-+ result = PR_TRUE;
-+ goto done;
-+ }
-+
-+ extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
-+ if (!extKeyUsage) {
-+ /* failure */
-+ goto done;
-+ }
-+
-+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+ SEC_OID_X509_ANY_EXT_KEY_USAGE) ==
-+ SECSuccess) {
-+ result = PR_TRUE;
-+ goto done;
-+ }
-+
-+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+ SEC_OID_EXT_KEY_USAGE_IPSEC_IKE) ==
-+ SECSuccess) {
-+ result = PR_TRUE;
-+ goto done;
-+ }
-+
-+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+ SEC_OID_IPSEC_IKE_END) ==
-+ SECSuccess) {
-+ result = PR_TRUE;
-+ goto done;
-+ }
-+
-+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
-+ SEC_OID_IPSEC_IKE_INTERMEDIATE) ==
-+ SECSuccess) {
-+ result = PR_TRUE;
-+ goto done;
-+ }
-+
-+done:
-+ if (encodedExtKeyUsage.data != NULL) {
-+ PORT_Free(encodedExtKeyUsage.data);
-+ }
-+ if (extKeyUsage != NULL) {
-+ CERT_DestroyOidSequence(extKeyUsage);
-+ }
-+ return result;
-+}
-+
- PRUint32
- cert_ComputeCertType(CERTCertificate *cert)
- {
- SECStatus rv;
- SECItem tmpitem;
- SECItem encodedExtKeyUsage;
- CERTOidSequence *extKeyUsage = NULL;
- PRBool basicConstraintPresent = PR_FALSE;
-@@ -1078,16 +1146,20 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert
- case certUsageSSLClient:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
-+ case certUsageIPsec:
-+ requiredKeyUsage = KU_KEY_CERT_SIGN;
-+ requiredCertType = NS_CERT_TYPE_SSL_CA;
-+ break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageEmailSigner:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_EMAIL_CA;
- break;
-@@ -1120,16 +1192,21 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert
- */
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
-+ case certUsageIPsec:
-+ /* RFC 4945 Section 5.1.3.2 */
-+ requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
-+ requiredCertType = 0;
-+ break;
- case certUsageSSLServerWithStepUp:
- requiredKeyUsage =
- KU_KEY_AGREEMENT_OR_ENCIPHERMENT | KU_NS_GOVT_APPROVED;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
-diff --git a/lib/certdb/certi.h b/lib/certdb/certi.h
---- a/lib/certdb/certi.h
-+++ b/lib/certdb/certi.h
-@@ -289,16 +289,19 @@ SECStatus cert_DestroyLocks(void);
- extern SECStatus cert_GetCertType(CERTCertificate* cert);
-
- /*
- * compute and return the value of nsCertType for cert, but do not
- * update the CERTCertificate.
- */
- extern PRUint32 cert_ComputeCertType(CERTCertificate* cert);
-
-+extern PRBool cert_EKUAllowsIPsecIKE(CERTCertificate* cert,
-+ PRBool* isCritical);
-+
- void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert,
- long errorCode, unsigned int depth, void* arg);
-
- /* Insert a DER CRL into the CRL cache, and take ownership of it.
- *
- * cert_CacheCRLByGeneralName takes ownership of the memory in crl argument
- * completely. crl must be freeable by SECITEM_FreeItem. It will be freed
- * immediately if it is rejected from the CRL cache, or later during cache
-diff --git a/lib/certdb/certt.h b/lib/certdb/certt.h
---- a/lib/certdb/certt.h
-+++ b/lib/certdb/certt.h
-@@ -442,17 +442,18 @@ typedef enum SECCertUsageEnum {
- certUsageSSLCA = 3,
- certUsageEmailSigner = 4,
- certUsageEmailRecipient = 5,
- certUsageObjectSigner = 6,
- certUsageUserCertImport = 7,
- certUsageVerifyCA = 8,
- certUsageProtectedObjectSigner = 9,
- certUsageStatusResponder = 10,
-- certUsageAnyCA = 11
-+ certUsageAnyCA = 11,
-+ certUsageIPsec = 12
- } SECCertUsage;
-
- typedef PRInt64 SECCertificateUsage;
-
- #define certificateUsageCheckAllUsages (0x0000)
- #define certificateUsageSSLClient (0x0001)
- #define certificateUsageSSLServer (0x0002)
- #define certificateUsageSSLServerWithStepUp (0x0004)
-@@ -460,18 +461,19 @@ typedef PRInt64 SECCertificateUsage;
- #define certificateUsageEmailSigner (0x0010)
- #define certificateUsageEmailRecipient (0x0020)
- #define certificateUsageObjectSigner (0x0040)
- #define certificateUsageUserCertImport (0x0080)
- #define certificateUsageVerifyCA (0x0100)
- #define certificateUsageProtectedObjectSigner (0x0200)
- #define certificateUsageStatusResponder (0x0400)
- #define certificateUsageAnyCA (0x0800)
-+#define certificateUsageIPsec (0x1000)
-
--#define certificateUsageHighest certificateUsageAnyCA
-+#define certificateUsageHighest certificateUsageIPsec
-
- /*
- * Does the cert belong to the user, a peer, or a CA.
- */
- typedef enum CERTCertOwnerEnum {
- certOwnerUser = 0,
- certOwnerPeer = 1,
- certOwnerCA = 2
-diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
---- a/lib/certhigh/certvfy.c
-+++ b/lib/certhigh/certvfy.c
-@@ -284,16 +284,20 @@ CERT_TrustFlagsForCACertUsage(SECCertUsa
- requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
- trustType = trustSSL;
- break;
- case certUsageSSLServer:
- case certUsageSSLCA:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustSSL;
- break;
-+ case certUsageIPsec:
-+ requiredFlags = CERTDB_TRUSTED_CA;
-+ trustType = trustSSL;
-+ break;
- case certUsageSSLServerWithStepUp:
- requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
- trustType = trustSSL;
- break;
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustEmail;
-@@ -574,16 +578,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle
- EXIT_IF_NOT_LOGGING(log);
- requiredCAKeyUsage = 0;
- caCertType = 0;
- }
-
- switch (certUsage) {
- case certUsageSSLClient:
- case certUsageSSLServer:
-+ case certUsageIPsec:
- case certUsageSSLCA:
- case certUsageSSLServerWithStepUp:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageVerifyCA:
- case certUsageAnyCA:
- case certUsageStatusResponder:
-@@ -640,17 +645,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle
- * certifcates (except leaf (EE) certs, root CAs, and self-issued
- * intermediate CAs) to be verified against the name constraints
- * extension of the issuer certificate.
- */
- if (subjectCertIsSelfIssued == PR_FALSE) {
- CERTGeneralName *subjectNameList;
- int subjectNameListLen;
- int i;
-- PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
-+ PRBool getSubjectCN = (!count &&
-+ (certUsage == certUsageSSLServer || certUsage == certUsageIPsec));
- subjectNameList =
- CERT_GetConstrainedCertificateNames(subjectCert, arena,
- getSubjectCN);
- if (!subjectNameList)
- goto loser;
- subjectNameListLen = CERT_GetNamesLength(subjectNameList);
- if (!subjectNameListLen)
- goto loser;
-@@ -981,16 +987,17 @@ CERT_VerifyCACertForUsage(CERTCertDBHand
- EXIT_IF_NOT_LOGGING(log);
- requiredCAKeyUsage = 0;
- caCertType = 0;
- }
-
- switch (certUsage) {
- case certUsageSSLClient:
- case certUsageSSLServer:
-+ case certUsageIPsec:
- case certUsageSSLCA:
- case certUsageSSLServerWithStepUp:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
-@@ -1166,16 +1173,17 @@ cert_CheckLeafTrust(CERTCertificate *cer
- *failedFlags = 0;
- *trusted = PR_FALSE;
-
- /* check trust flags to see if this cert is directly trusted */
- if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
- switch (certUsage) {
- case certUsageSSLClient:
- case certUsageSSLServer:
-+ case certUsageIPsec:
- flags = trust.sslFlags;
-
- /* is the cert directly trusted or not trusted ? */
- if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if (flags & CERTDB_TRUSTED) { /* trust this cert */
- *trusted = PR_TRUE;
- return SECSuccess;
-@@ -1342,45 +1350,48 @@ CERT_VerifyCertificate(CERTCertDBHandle
- /* we don't have a place to return status for all usages,
- so we can skip checks for usages that aren't required */
- checkAllUsages = PR_FALSE;
- }
- valid = SECSuccess; /* start off assuming cert is valid */
-
- /* make sure that the cert is valid at time t */
- allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
-- (requiredUsages & certificateUsageSSLServerWithStepUp));
-+ (requiredUsages & certificateUsageSSLServerWithStepUp) ||
-+ (requiredUsages & certificateUsageIPsec));
- validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
- if (validity != secCertTimeValid) {
- valid = SECFailure;
- LOG_ERROR_OR_EXIT(log, cert, 0, validity);
- }
-
- /* check key usage and netscape cert type */
- cert_GetCertType(cert);
- certType = cert->nsCertType;
-
- for (i = 1; i <= certificateUsageHighest &&
- (SECSuccess == valid || returnedUsages || log);) {
-+ PRBool typeAndEKUAllowed = PR_TRUE;
- PRBool requiredUsage = (i & requiredUsages) ? PR_TRUE : PR_FALSE;
- if (PR_FALSE == requiredUsage && PR_FALSE == checkAllUsages) {
- NEXT_USAGE();
- }
- if (returnedUsages) {
- *returnedUsages |= i; /* start off assuming this usage is valid */
- }
- switch (certUsage) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLServerWithStepUp:
- case certUsageSSLCA:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageStatusResponder:
-+ case certUsageIPsec:
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
- &requiredKeyUsage,
- &requiredCertType);
- if (rv != SECSuccess) {
- PORT_Assert(0);
- /* EXIT_IF_NOT_LOGGING(log); XXX ??? */
- requiredKeyUsage = 0;
- requiredCertType = 0;
-@@ -1403,17 +1414,29 @@ CERT_VerifyCertificate(CERTCertDBHandle
- }
- if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
- if (PR_TRUE == requiredUsage) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- }
- LOG_ERROR(log, cert, 0, requiredKeyUsage);
- INVALID_USAGE();
- }
-- if (!(certType & requiredCertType)) {
-+ if (certUsage != certUsageIPsec) {
-+ if (!(certType & requiredCertType)) {
-+ typeAndEKUAllowed = PR_FALSE;
-+ }
-+ } else {
-+ PRBool isCritical;
-+ PRBool allowed = cert_EKUAllowsIPsecIKE(cert, &isCritical);
-+ /* If the extension isn't critical, we allow any EKU value. */
-+ if (isCritical && !allowed) {
-+ typeAndEKUAllowed = PR_FALSE;
-+ }
-+ }
-+ if (!typeAndEKUAllowed) {
- if (PR_TRUE == requiredUsage) {
- PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
- }
- LOG_ERROR(log, cert, 0, requiredCertType);
- INVALID_USAGE();
- }
-
- rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted);
-@@ -1503,29 +1526,31 @@ cert_VerifyCertWithFlags(CERTCertDBHandl
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
- LOG_ERROR_OR_EXIT(log, cert, 0, 0);
- }
- #endif
-
- /* make sure that the cert is valid at time t */
- allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
-- (certUsage == certUsageSSLServerWithStepUp));
-+ (certUsage == certUsageSSLServerWithStepUp) ||
-+ (certUsage == certUsageIPsec));
- validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
- if (validity != secCertTimeValid) {
- LOG_ERROR_OR_EXIT(log, cert, 0, validity);
- }
-
- /* check key usage and netscape cert type */
- cert_GetCertType(cert);
- certType = cert->nsCertType;
- switch (certUsage) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLServerWithStepUp:
-+ case certUsageIPsec:
- case certUsageSSLCA:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageStatusResponder:
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
- &requiredKeyUsage,
- &requiredCertType);
-@@ -1628,16 +1653,17 @@ CERT_VerifyCertNow(CERTCertDBHandle *han
- }
-
- /* [ FROM pcertdb.c ] */
- /*
- * Supported usage values and types:
- * certUsageSSLClient
- * certUsageSSLServer
- * certUsageSSLServerWithStepUp
-+ * certUsageIPsec
- * certUsageEmailSigner
- * certUsageEmailRecipient
- * certUsageObjectSigner
- */
-
- CERTCertificate *
- CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
- CERTCertOwner owner, SECCertUsage usage,
-diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
---- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
-+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
-@@ -2909,17 +2909,18 @@ PKIX_PL_Cert_CheckValidity(
- PKIX_DATEGETPRTIMEFAILED);
- } else {
- timeToCheck = PR_Now();
- }
-
- requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
- allowOverride =
- (PRBool)((requiredUsages & certificateUsageSSLServer) ||
-- (requiredUsages & certificateUsageSSLServerWithStepUp));
-+ (requiredUsages & certificateUsageSSLServerWithStepUp) ||
-+ (requiredUsages & certificateUsageIPsec));
- val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
- if (val != secCertTimeValid){
- PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED);
- }
-
- cleanup:
- PKIX_RETURN(CERT);
- }
-@@ -2996,18 +2997,27 @@ PKIX_PL_Cert_VerifyCertAndKeyType(
- /* use this key usage and cert type for certUsageAnyCA and
- * certUsageVerifyCA. */
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_CA;
- }
- if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) {
- PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
- }
-- if (!(certType & requiredCertType)) {
-- PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+ if (certUsage != certUsageIPsec) {
-+ if (!(certType & requiredCertType)) {
-+ PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+ }
-+ } else {
-+ PRBool isCritical;
-+ PRBool allowed = cert_EKUAllowsIPsecIKE(cert->nssCert, &isCritical);
-+ /* If the extension isn't critical, we allow any EKU value. */
-+ if (isCritical && !allowed) {
-+ PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
-+ }
- }
- cleanup:
- PKIX_DECREF(basicConstraints);
- PKIX_RETURN(CERT);
- }
-
- /*
- * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h)
-diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
---- a/tests/chains/chains.sh
-+++ b/tests/chains/chains.sh
-@@ -347,16 +347,22 @@ create_cert_req()
- OPTIONS=
-
- if [ "${TYPE}" != "EE" ]; then
- CA_FLAG="-2"
- EXT_DATA="y
- -1
- y
- "
-+ else
-+ CA_FLAG="-2"
-+ EXT_DATA="n
-+-1
-+y
-+"
- fi
-
- process_crldp
-
- echo "${EXT_DATA}" > ${CU_DATA}
-
- TESTNAME="Creating ${TYPE} certifiate request ${REQ}"
- echo "${SCRIPTNAME}: ${TESTNAME}"
-@@ -1253,16 +1259,22 @@ process_scenario()
-
- while read AIA_FILE
- do
- rm ${AIA_FILE} 2> /dev/null
- done < ${AIA_FILES}
- rm ${AIA_FILES}
- }
-
-+# process ipsec.cfg separately
-+chains_ipsec()
-+{
-+ process_scenario "ipsec.cfg"
-+}
-+
- # process ocspd.cfg separately
- chains_ocspd()
- {
- process_scenario "ocspd.cfg"
- }
-
- # process ocsp.cfg separately
- chains_method()
-@@ -1274,29 +1286,31 @@ chains_method()
- # local shell function to process all testing scenarios
- ########################################################################
- chains_main()
- {
- while read LINE
- do
- [ `echo ${LINE} | cut -b 1` != "#" ] || continue
-
-+ [ ${LINE} != 'ipsec.cfg' ] || continue
- [ ${LINE} != 'ocspd.cfg' ] || continue
- [ ${LINE} != 'method.cfg' ] || continue
-
- process_scenario ${LINE}
- done < "${CHAINS_SCENARIOS}"
- }
-
- ################################ main ##################################
-
- chains_init
- VERIFY_CLASSIC_ENGINE_TOO=
- chains_ocspd
- VERIFY_CLASSIC_ENGINE_TOO=1
-+chains_ipsec
- chains_run_httpserv get
- chains_method
- chains_stop_httpserv
- chains_run_httpserv post
- chains_method
- chains_stop_httpserv
- VERIFY_CLASSIC_ENGINE_TOO=
- chains_run_httpserv random
-diff --git a/tests/chains/scenarios/ipsec.cfg b/tests/chains/scenarios/ipsec.cfg
-new file mode 100644
---- /dev/null
-+++ b/tests/chains/scenarios/ipsec.cfg
-@@ -0,0 +1,61 @@
-+# This Source Code Form is subject to the terms of the Mozilla Public
-+# License, v. 2.0. If a copy of the MPL was not distributed with this
-+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+scenario IPsec
-+
-+entity Root
-+ type Root
-+
-+entity CA1
-+ type Intermediate
-+ issuer Root
-+
-+entity NoKU
-+ type EE
-+ issuer CA1
-+
-+entity DigSig
-+ type EE
-+ issuer CA1
-+ ku digitalSignature
-+
-+entity NonRep
-+ type EE
-+ issuer CA1
-+ ku nonRepudiation
-+
-+entity DigSigNonRepAndExtra
-+ type EE
-+ issuer CA1
-+ ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
-+
-+entity NoMatch
-+ type EE
-+ issuer CA1
-+ ku keyEncipherment,dataEncipherment,keyAgreement
-+
-+db All
-+
-+import Root::C,,
-+import CA1:Root:
-+
-+verify NoKU:CA1
-+ usage 12
-+ result pass
-+
-+verify DigSig:CA1
-+ usage 12
-+ result pass
-+
-+verify NonRep:CA1
-+ usage 12
-+ result pass
-+
-+verify DigSigNonRepAndExtra:CA1
-+ usage 12
-+ result pass
-+
-+verify NoMatch:CA1
-+ usage 12
-+ result fail
-diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios
---- a/tests/chains/scenarios/scenarios
-+++ b/tests/chains/scenarios/scenarios
-@@ -17,8 +17,9 @@ bridgewithhalfaia.cfg
- bridgewithpolicyextensionandmapping.cfg
- realcerts.cfg
- dsa.cfg
- revoc.cfg
- ocsp.cfg
- crldp.cfg
- trustanchors.cfg
- nameconstraints.cfg
-+ipsec.cfg
diff --git a/SOURCES/nss-add-ipsec-usage-to-manpage.patch b/SOURCES/nss-add-ipsec-usage-to-manpage.patch
new file mode 100644
index 0000000..cedd6a3
--- /dev/null
+++ b/SOURCES/nss-add-ipsec-usage-to-manpage.patch
@@ -0,0 +1,13 @@
+diff -up ./nss/doc/certutil.xml.add_ipsec_usage ./nss/doc/certutil.xml
+--- ./nss/doc/certutil.xml.add_ipsec_usage 2019-06-05 09:40:37.848895763 -0700
++++ ./nss/doc/certutil.xml 2019-06-05 09:40:47.079891058 -0700
+@@ -428,6 +428,9 @@ of the attribute codes:
+ <listitem>
+ <para><command>J</command> (as an object signer)</para>
+ </listitem>
++ <listitem>
++<para><command>I</command> (as an IPSEC user)</para>
++ </listitem>
+ </itemizedlist></listitem>
+ </varlistentry>
+
diff --git a/SOURCES/nss-check-policy-file.patch b/SOURCES/nss-check-policy-file.patch
deleted file mode 100644
index 898ffef..0000000
--- a/SOURCES/nss-check-policy-file.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c
---- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-02-28 10:49:53.811343156 +0100
-+++ nss/lib/pk11wrap/pk11pars.c 2017-02-28 10:59:41.178647490 +0100
-@@ -109,6 +109,7 @@ secmod_NewModule(void)
- *other flags are set */
- #define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
- #define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
-+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08
-
- /* private flags for internal (field in SECMODModule). */
- /* The meaing of these flags is as follows:
-@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar
- if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
- flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
- }
-+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) {
-+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY;
-+ }
- /* additional moduleDB flags could be added here in the future */
- mod->isModuleDB = (PRBool)flags;
- }
-@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule
- }
-
- PRBool
-+secmod_PolicyOnly(SECMODModule *mod)
-+{
-+ char flags = (char) mod->isModuleDB;
-+
-+ return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE;
-+}
-+
-+PRBool
- secmod_IsInternalKeySlot(SECMODModule *mod)
- {
- char flags = (char)mod->internal;
-@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM
- if (!module) {
- goto loser;
- }
-+
-+ /* a policy only stanza doesn't actually get 'loaded'. policy has already
-+ * been parsed as a side effect of the CreateModuleEx call */
-+ if (secmod_PolicyOnly(module)) {
-+ return module;
-+ }
- if (parent) {
- module->parent = SECMOD_ReferenceModule(parent);
- if (module->internal && secmod_IsInternalKeySlot(parent)) {
diff --git a/SOURCES/nss-devslot-reinsert.patch b/SOURCES/nss-devslot-reinsert.patch
deleted file mode 100644
index f68a81a..0000000
--- a/SOURCES/nss-devslot-reinsert.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1521731296 -3600
-# Thu Mar 22 16:08:16 2018 +0100
-# Node ID 6ae3ab8a1e7b4161f3f8eee90db7a745acced408
-# Parent dedf5290c679153e5b3555ba9c711fe62323c156
-Bug 1447628, devslot: avoid deadlock when re-inserting a token, r=rrelyea
-
-diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c
---- a/lib/dev/devslot.c
-+++ b/lib/dev/devslot.c
-@@ -96,10 +96,16 @@ nssSlot_ResetDelay(
- }
-
- static PRBool
--within_token_delay_period(const NSSSlot *slot)
-+token_status_checked(const NSSSlot *slot)
- {
- PRIntervalTime time;
- int lastPingState = slot->lastTokenPingState;
-+ /* When called from the same thread, that means
-+ * nssSlot_IsTokenPresent() is called recursively through
-+ * nssSlot_Refresh(). Return immediately in that case. */
-+ if (slot->isPresentThread == PR_GetCurrentThread()) {
-+ return PR_TRUE;
-+ }
- /* Set the delay time for checking the token presence */
- if (s_token_delay_time == 0) {
- s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
-@@ -130,7 +136,7 @@ nssSlot_IsTokenPresent(
-
- /* avoid repeated calls to check token status within set interval */
- PZ_Lock(slot->isPresentLock);
-- if (within_token_delay_period(slot)) {
-+ if (token_status_checked(slot)) {
- CK_FLAGS ckFlags = slot->ckFlags;
- PZ_Unlock(slot->isPresentLock);
- return ((ckFlags & CKF_TOKEN_PRESENT) != 0);
-@@ -146,12 +152,12 @@ nssSlot_IsTokenPresent(
-
- /* set up condition so only one thread is active in this part of the code at a time */
- PZ_Lock(slot->isPresentLock);
-- while (slot->inIsPresent) {
-+ while (slot->isPresentThread) {
- PR_WaitCondVar(slot->isPresentCondition, 0);
- }
- /* if we were one of multiple threads here, the first thread will have
- * given us the answer, no need to make more queries of the token. */
-- if (within_token_delay_period(slot)) {
-+ if (token_status_checked(slot)) {
- CK_FLAGS ckFlags = slot->ckFlags;
- PZ_Unlock(slot->isPresentLock);
- return ((ckFlags & CKF_TOKEN_PRESENT) != 0);
-@@ -159,7 +165,7 @@ nssSlot_IsTokenPresent(
- /* this is the winning thread, block all others until we've determined
- * if the token is present and that it needs initialization. */
- slot->lastTokenPingState = nssSlotLastPingState_Update;
-- slot->inIsPresent = PR_TRUE;
-+ slot->isPresentThread = PR_GetCurrentThread();
-
- PZ_Unlock(slot->isPresentLock);
-
-@@ -257,7 +263,7 @@ done:
- slot->lastTokenPingTime = PR_IntervalNow();
- slot->lastTokenPingState = nssSlotLastPingState_Valid;
- }
-- slot->inIsPresent = PR_FALSE;
-+ slot->isPresentThread = NULL;
- PR_NotifyAllCondVar(slot->isPresentCondition);
- PZ_Unlock(slot->isPresentLock);
- return isPresent;
-diff --git a/lib/dev/devt.h b/lib/dev/devt.h
---- a/lib/dev/devt.h
-+++ b/lib/dev/devt.h
-@@ -92,7 +92,7 @@ struct NSSSlotStr {
- PK11SlotInfo *pk11slot;
- PZLock *isPresentLock;
- PRCondVar *isPresentCondition;
-- PRBool inIsPresent;
-+ PRThread *isPresentThread;
- };
-
- struct nssSessionStr {
-diff --git a/lib/pk11wrap/dev3hack.c b/lib/pk11wrap/dev3hack.c
---- a/lib/pk11wrap/dev3hack.c
-+++ b/lib/pk11wrap/dev3hack.c
-@@ -122,7 +122,7 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustD
- rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
- rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
- rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
-- rvSlot->inIsPresent = PR_FALSE;
-+ rvSlot->isPresentThread = NULL;
- rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
- return rvSlot;
- }
diff --git a/SOURCES/nss-disable-cipher-suites.patch b/SOURCES/nss-disable-cipher-suites.patch
index b593479..92a7472 100644
--- a/SOURCES/nss-disable-cipher-suites.patch
+++ b/SOURCES/nss-disable-cipher-suites.patch
@@ -1,7 +1,7 @@
diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.disable-cipher-suites 2017-04-26 11:53:57.980039632 +0200
-+++ nss/lib/ssl/ssl3con.c 2017-04-26 11:55:56.374264466 +0200
-@@ -97,7 +97,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
+--- nss/lib/ssl/ssl3con.c.disable-cipher-suites 2019-03-21 14:24:14.660150519 +0100
++++ nss/lib/ssl/ssl3con.c 2019-03-21 14:25:12.997929443 +0100
+@@ -96,7 +96,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -12,8 +12,8 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -106,7 +109,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+@@ -105,7 +108,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -24,4 +24,4 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
diff --git a/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
new file mode 100644
index 0000000..1b57e75
--- /dev/null
+++ b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
@@ -0,0 +1,202 @@
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1559031046 -7200
+# Tue May 28 10:10:46 2019 +0200
+# Node ID 0a4e8b72a92e144663c2f35d3836f7828cfc97f2
+# Parent 370a9e85f216f5f4ff277995a997c5c9b23a819f
+Bug 1552208, prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3, r=mt
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Subscribers: mt, jcj, ueno, rrelyea, HubertKario, KevinJacobs
+
+Tags: #secure-revision, #bmo-crypto-core-security
+
+Bug #: 1552208
+
+Differential Revision: https://phabricator.services.mozilla.com/D32454
+
+diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
+--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
+@@ -701,6 +701,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
+ ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
+ }
+
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
++ static const SSLSignatureScheme kSignatureScheme[] = {
++ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
++
++ Reset(TlsAgent::kServerRsa, "rsa");
++ client_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ server_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ client_->SetupClientAuth();
++ server_->RequestClientAuth(true);
++
++ auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
++ client_, kTlsHandshakeCertificateVerify);
++ capture_cert_verify->EnableDecryption();
++
++ Connect();
++ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
++ 1024);
++}
++
++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
++ static const SSLSignatureScheme kSignatureScheme[] = {
++ ssl_sig_rsa_pkcs1_sha256};
++
++ Reset(TlsAgent::kServerRsa, "rsa");
++ client_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ server_->SetSignatureSchemes(kSignatureScheme,
++ PR_ARRAY_SIZE(kSignatureScheme));
++ client_->SetupClientAuth();
++ server_->RequestClientAuth(true);
++
++ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
++ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
++ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
++}
++
+ class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
+ public:
+ TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
+@@ -933,7 +971,7 @@ TEST_P(TlsConnectTls13, InconsistentSign
+ client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+ }
+
+-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
++TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
+ server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
+ PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
+ server_->RequestClientAuth(false);
+@@ -1395,12 +1433,21 @@ TEST_P(TlsSignatureSchemeConfiguration,
+ INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
+ ::testing::Combine(
+- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
++ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
+ ::testing::Values(TlsAgent::kServerRsaSign),
+ ::testing::Values(ssl_auth_rsa_sign),
+ ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+ ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_rsae_sha384)));
++// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
++INSTANTIATE_TEST_CASE_P(
++ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
++ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
++ TlsConnectTestBase::kTlsV13,
++ ::testing::Values(TlsAgent::kServerRsaSign),
++ ::testing::Values(ssl_auth_rsa_sign),
++ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
++ ssl_sig_rsa_pss_rsae_sha384)));
+ // PSS with SHA-512 needs a bigger key to work.
+ INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
+diff --git a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+--- a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
++++ b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl
+ virtual void SetupCertificate() {
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ switch (sig_scheme_) {
+- case ssl_sig_rsa_pkcs1_sha256:
+- case ssl_sig_rsa_pkcs1_sha384:
+- case ssl_sig_rsa_pkcs1_sha512:
+- Reset(TlsAgent::kServerRsaSign);
+- auth_type_ = ssl_auth_rsa_sign;
+- break;
+ case ssl_sig_rsa_pss_rsae_sha256:
+ case ssl_sig_rsa_pss_rsae_sha384:
+ Reset(TlsAgent::kServerRsaSign);
+@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche
+ ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
+ ssl_sig_rsa_pss_pss_sha512};
+
++static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
++ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
++ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
++ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
++ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
++
+ INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams,
+ TLS_RSA_WITH_RC4_128_SHA,
+@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P(
+ #ifndef NSS_DISABLE_TLS_1_3
+ INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+ ::testing::ValuesIn(kFasterDHEGroups),
+- ::testing::ValuesIn(kSignatureSchemesParamsArr),
++ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
+ TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_256_GCM_SHA384);
+ INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
+--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
++++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
+@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature
+ }
+
+ TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
+- // 31 unknown signature algorithms followed by sha-256, rsa
++ // 31 unknown signature algorithms followed by sha-256, rsa-pss
+ const uint8_t val[] = {
+ 0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
+ DataBuffer extension(val, sizeof(val));
+ MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
+ extension);
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess
+ static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
+ static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
+ PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
++PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
+ PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
+
+ const PRUint8 ssl_hello_retry_random[] = {
+@@ -4101,6 +4102,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch
+ if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
+ return PR_FALSE;
+ }
++ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
++ return PR_FALSE;
++ }
+ /* With TLS 1.3, EC keys should have been selected based on calling
+ * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
+ return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+@@ -4351,6 +4355,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignature
+ }
+
+ PRBool
++ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
++{
++ switch (scheme) {
++ case ssl_sig_rsa_pkcs1_sha256:
++ case ssl_sig_rsa_pkcs1_sha384:
++ case ssl_sig_rsa_pkcs1_sha512:
++ case ssl_sig_rsa_pkcs1_sha1:
++ return PR_TRUE;
++
++ default:
++ return PR_FALSE;
++ }
++ return PR_FALSE;
++}
++
++PRBool
+ ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme)
+ {
+ switch (scheme) {
diff --git a/SOURCES/nss-disable-tls13-gtests.patch b/SOURCES/nss-disable-tls13-gtests.patch
deleted file mode 100644
index cc7b661..0000000
--- a/SOURCES/nss-disable-tls13-gtests.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests nss/gtests/ssl_gtest/ssl_skip_unittest.cc
---- nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests 2017-10-16 17:13:51.798825185 +0200
-+++ nss/gtests/ssl_gtest/ssl_skip_unittest.cc 2017-10-16 17:14:08.238496409 +0200
-@@ -234,6 +234,8 @@ INSTANTIATE_TEST_CASE_P(
- INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest,
- ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV11V12));
-+#if 0
- INSTANTIATE_TEST_CASE_P(Skip13Variants, Tls13SkipTest,
- TlsConnectTestBase::kTlsVariantsAll);
-+#endif
- } // namespace nss_test
diff --git a/SOURCES/nss-dsa-policy.patch b/SOURCES/nss-dsa-policy.patch
new file mode 100644
index 0000000..5a191ff
--- /dev/null
+++ b/SOURCES/nss-dsa-policy.patch
@@ -0,0 +1,51 @@
+diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
+--- a/lib/certhigh/certvfy.c
++++ b/lib/certhigh/certvfy.c
+@@ -42,23 +42,16 @@ checkKeyParams(const SECAlgorithmID *sig
+ {
+ SECStatus rv;
+ SECOidTag sigAlg;
+ SECOidTag curve;
+ PRUint32 policyFlags = 0;
+ PRInt32 minLen, len;
+
+ sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
+- rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
+- if (rv == SECSuccess &&
+- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+- return SECFailure;
+- }
+-
+ switch (sigAlg) {
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ if (key->keyType != ecKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+@@ -126,16 +119,23 @@ checkKeyParams(const SECAlgorithmID *sig
+ }
+
+ if (len < minLen) {
+ return SECFailure;
+ }
+
+ return SECSuccess;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE:
++ rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
++ if (rv == SECSuccess &&
++ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
++ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
++ return SECFailure;
++ }
++ /* fall through */
+ case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_SDN702_DSA_SIGNATURE:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+ if (key->keyType != dsaKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
diff --git a/SOURCES/nss-enable-cipher-suites.patch b/SOURCES/nss-enable-cipher-suites.patch
deleted file mode 100644
index 0e6aabd..0000000
--- a/SOURCES/nss-enable-cipher-suites.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -up nss/lib/ssl/ssl3con.c.enable-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.enable-cipher-suites 2017-02-20 16:32:39.464067010 +0100
-+++ nss/lib/ssl/ssl3con.c 2017-02-20 16:37:00.506731989 +0100
-@@ -91,7 +91,7 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi
- /* clang-format off */
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
- /* cipher_suite policy enabled isPresent */
-- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-@@ -102,7 +102,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-@@ -113,7 +113,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-@@ -140,7 +140,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
- { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
diff --git a/SOURCES/nss-fips-disable-tls13.patch b/SOURCES/nss-fips-disable-tls13.patch
new file mode 100644
index 0000000..8b30bbc
--- /dev/null
+++ b/SOURCES/nss-fips-disable-tls13.patch
@@ -0,0 +1,30 @@
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -2382,16 +2382,26 @@ ssl3_CreateOverlapWithPolicy(SSLProtocol
+ rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
+ &effectivePolicyBoundary);
+ if (rv == SECFailure) {
+ /* SECFailure means internal failure or invalid configuration. */
+ overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
+ return SECFailure;
+ }
+
++ /* TODO: TLSv1.3 doesn't work yet under FIPS mode */
++ if (PK11_IsFIPS()) {
++ if (effectivePolicyBoundary.min >= SSL_LIBRARY_VERSION_TLS_1_3) {
++ effectivePolicyBoundary.min = SSL_LIBRARY_VERSION_TLS_1_2;
++ }
++ if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
++ effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2;
++ }
++ }
++
+ vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min);
+ vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max);
+
+ if (vrange.max < vrange.min) {
+ /* there was no overlap, turn off range altogether */
+ overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
+ return SECFailure;
+ }
diff --git a/SOURCES/nss-fix-public-key-from-priv.patch b/SOURCES/nss-fix-public-key-from-priv.patch
new file mode 100644
index 0000000..275bfc7
--- /dev/null
+++ b/SOURCES/nss-fix-public-key-from-priv.patch
@@ -0,0 +1,299 @@
+diff -up ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs ./nss/gtests/pk11_gtest/pk11_import_unittest.cc
+--- ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
++++ ./nss/gtests/pk11_gtest/pk11_import_unittest.cc 2019-06-05 12:01:13.728544204 -0700
+@@ -78,17 +78,40 @@ class Pk11KeyImportTestBase : public ::t
+ CK_MECHANISM_TYPE mech_;
+
+ private:
++ SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
++ SECItem null = { siBuffer, NULL, 0};
++ switch(SECKEY_GetPublicKeyType(pub_key.get())) {
++ case rsaKey:
++ case rsaPssKey:
++ case rsaOaepKey:
++ return pub_key->u.rsa.modulus;
++ case keaKey:
++ return pub_key->u.kea.publicValue;
++ case dsaKey:
++ return pub_key->u.dsa.publicValue;
++ case dhKey:
++ return pub_key->u.dh.publicValue;
++ case ecKey:
++ return pub_key->u.ec.publicValue;
++ case fortezzaKey: /* depricated */
++ case nullKey:
++ /* didn't use default here so we can catch new key types at compile time */
++ break;
++ }
++ return null;
++ }
+ void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key,
+ const SECItem* expected_public) {
+ // Verify the public key exists.
+ StackSECItem priv_id;
++ KeyType type = SECKEY_GetPrivateKeyType(priv_key.get());
+ SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(),
+ CKA_ID, &priv_id);
+ ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: "
+ << PORT_ErrorToName(PORT_GetError());
+
+ CK_ATTRIBUTE_TYPE value_type = CKA_VALUE;
+- switch (SECKEY_GetPrivateKeyType(priv_key.get())) {
++ switch (type) {
+ case rsaKey:
+ value_type = CKA_MODULUS;
+ break;
+@@ -106,6 +129,8 @@ class Pk11KeyImportTestBase : public ::t
+ FAIL() << "unknown key type";
+ }
+
++ // Scan public key objects until we find one with the same CKA_ID as
++ // priv_key
+ std::unique_ptr<PK11GenericObject, PK11GenericObjectsDeleter> objs(
+ PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY));
+ ASSERT_NE(nullptr, objs);
+@@ -128,20 +153,46 @@ class Pk11KeyImportTestBase : public ::t
+ ASSERT_EQ(1U, token.len);
+ ASSERT_NE(0, token.data[0]);
+
+- StackSECItem value;
+- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &value);
++ StackSECItem raw_value;
++ SECItem decoded_value;
++ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value);
+ ASSERT_EQ(SECSuccess, rv);
++ SECItem value = raw_value;
+
++ // Decode the EC_POINT and check the output against expected.
+ // CKA_EC_POINT isn't stable, see Bug 1520649.
++ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
++ ASSERT_TRUE(arena);
+ if (value_type == CKA_EC_POINT) {
+- continue;
+- }
+
++ // If this fails due to the noted inconsistency, we may need to
++ // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag
++ rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value,
++ SEC_ASN1_GET(SEC_OctetStringTemplate),
++ &raw_value);
++ ASSERT_EQ(SECSuccess, rv);
++ value = decoded_value;
++ }
+ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value))
+ << "expected: "
+ << DataBuffer(expected_public->data, expected_public->len)
+ << std::endl
+ << "actual: " << DataBuffer(value.data, value.len) << std::endl;
++
++ // Finally, convert the private to public and ensure it matches.
++ ScopedSECKEYPublicKey pub_key(
++ SECKEY_ConvertToPublicKey(priv_key.get()));
++ ASSERT_TRUE(pub_key);
++ SECItem converted_public = GetPublicComponent(pub_key);
++ ASSERT_TRUE(converted_public.len != 0);
++
++ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public))
++ << "expected: "
++ << DataBuffer(expected_public->data, expected_public->len)
++ << std::endl
++ << "actual: "
++ << DataBuffer(converted_public.data, converted_public.len)
++ << std::endl;
+ }
+ }
+
+diff -up ./nss/lib/cryptohi/seckey.c.pub-priv-mechs ./nss/lib/cryptohi/seckey.c
+--- ./nss/lib/cryptohi/seckey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/cryptohi/seckey.c 2019-06-05 12:01:13.729544204 -0700
+@@ -1206,6 +1206,37 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
+ return NULL;
+ }
+
++/*
++ * Use the private key to find a public key handle. The handle will be on
++ * the same slot as the private key.
++ */
++static CK_OBJECT_HANDLE
++seckey_FindPublicKeyHandle(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk)
++{
++ CK_OBJECT_HANDLE keyID;
++
++ /* this helper function is only used below. If we want to make this more
++ * general, we would need to free up any already cached handles if the
++ * slot doesn't match up with the private key slot */
++ PORT_Assert(pubk->pkcs11ID == CK_INVALID_HANDLE);
++
++ /* first look for a matching public key */
++ keyID = PK11_MatchItem(privk->pkcs11Slot, privk->pkcs11ID, CKO_PUBLIC_KEY);
++ if (keyID != CK_INVALID_HANDLE) {
++ return keyID;
++ }
++
++ /* none found, create a temp one, make the pubk the owner */
++ pubk->pkcs11ID = PK11_DerivePubKeyFromPrivKey(privk);
++ if (pubk->pkcs11ID == CK_INVALID_HANDLE) {
++ /* end of the road. Token doesn't have matching public key, nor can
++ * token regenerate a new public key from and existing private key. */
++ return CK_INVALID_HANDLE;
++ }
++ pubk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
++ return pubk->pkcs11ID;
++}
++
+ SECKEYPublicKey *
+ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
+ {
+@@ -1213,6 +1244,8 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+ PLArenaPool *arena;
+ CERTCertificate *cert;
+ SECStatus rv;
++ CK_OBJECT_HANDLE pubKeyHandle;
++ SECItem decodedPoint;
+
+ /*
+ * First try to look up the cert.
+@@ -1243,11 +1276,47 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+
+ switch (privk->keyType) {
+ case nullKey:
+- case dhKey:
+- case dsaKey:
+ /* Nothing to query, if the cert isn't there, we're done -- no way
+ * to get the public key */
+ break;
++ case dsaKey:
++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++ if (pubKeyHandle == CK_INVALID_HANDLE)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_BASE, arena, &pubk->u.dsa.params.base);
++ if (rv != SECSuccess)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_PRIME, arena, &pubk->u.dsa.params.prime);
++ if (rv != SECSuccess)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_SUBPRIME, arena, &pubk->u.dsa.params.subPrime);
++ if (rv != SECSuccess)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_VALUE, arena, &pubk->u.dsa.publicValue);
++ if (rv != SECSuccess)
++ break;
++ return pubk;
++ case dhKey:
++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++ if (pubKeyHandle == CK_INVALID_HANDLE)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_BASE, arena, &pubk->u.dh.base);
++ if (rv != SECSuccess)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_PRIME, arena, &pubk->u.dh.prime);
++ if (rv != SECSuccess)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_VALUE, arena, &pubk->u.dh.publicValue);
++ if (rv != SECSuccess)
++ break;
++ return pubk;
+ case rsaKey:
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+ CKA_MODULUS, arena, &pubk->u.rsa.modulus);
+@@ -1258,7 +1327,6 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+ if (rv != SECSuccess)
+ break;
+ return pubk;
+- break;
+ case ecKey:
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+ CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams);
+@@ -1268,7 +1336,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+ rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+ CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
+ if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) {
+- break;
++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
++ if (pubKeyHandle == CK_INVALID_HANDLE)
++ break;
++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
++ CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
++ if (rv != SECSuccess)
++ break;
++ }
++ /* ec.publicValue should be decoded, PKCS #11 defines CKA_EC_POINT
++ * as encoded, but it's not always. try do decoded it and if it
++ * succeeds store the decoded value */
++ rv = SEC_QuickDERDecodeItem(arena, &decodedPoint,
++ SEC_ASN1_GET(SEC_OctetStringTemplate), &pubk->u.ec.publicValue);
++ if (rv == SECSuccess) {
++ /* both values are in the public key arena, so it's safe to
++ * overwrite the old value */
++ pubk->u.ec.publicValue = decodedPoint;
+ }
+ pubk->u.ec.encoding = ECPoint_Undefined;
+ return pubk;
+@@ -1276,7 +1360,9 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
+ break;
+ }
+
+- PORT_FreeArena(arena, PR_FALSE);
++ /* must use Destroy public key here, because some paths create temporary
++ * PKCS #11 objects which need to be freed */
++ SECKEY_DestroyPublicKey(pubk);
+ return NULL;
+ }
+
+diff -up ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs ./nss/lib/pk11wrap/pk11priv.h
+--- ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/pk11wrap/pk11priv.h 2019-06-05 12:01:13.729544204 -0700
+@@ -111,6 +111,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert(
+ PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+ CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
+ unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType);
++CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey);
+
+ /**********************************************************************
+ * Certs
+diff -up ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs ./nss/lib/pk11wrap/pk11skey.c
+--- ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
++++ ./nss/lib/pk11wrap/pk11skey.c 2019-06-05 12:01:13.730544203 -0700
+@@ -1840,6 +1840,35 @@ loser:
+ }
+
+ /*
++ * This regenerate a public key from a private key. This function is currently
++ * NSS private. If we want to make it public, we need to add and optional
++ * template or at least flags (a.la. PK11_DeriveWithFlags).
++ */
++CK_OBJECT_HANDLE
++PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey)
++{
++ PK11SlotInfo *slot = privKey->pkcs11Slot;
++ CK_MECHANISM mechanism;
++ CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
++ CK_RV crv;
++
++ mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV;
++ mechanism.pParameter = NULL;
++ mechanism.ulParameterLen = 0;
++
++ PK11_EnterSlotMonitor(slot);
++ crv = PK11_GETTAB(slot)->C_DeriveKey(slot->session, &mechanism,
++ privKey->pkcs11ID, NULL, 0,
++ &objectID);
++ PK11_ExitSlotMonitor(slot);
++ if (crv != CKR_OK) {
++ PORT_SetError(PK11_MapError(crv));
++ return CK_INVALID_HANDLE;
++ }
++ return objectID;
++}
++
++/*
+ * This Generates a wrapping key based on a privateKey, publicKey, and two
+ * random numbers. For Mail usage RandomB should be NULL. In the Sender's
+ * case RandomA is generate, outherwize it is passed.
diff --git a/SOURCES/nss-pkcs12-iterations-limit.patch b/SOURCES/nss-pkcs12-iterations-limit.patch
deleted file mode 100644
index 8b035b8..0000000
--- a/SOURCES/nss-pkcs12-iterations-limit.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-# HG changeset patch
-# User J.C. Jones <jjones@mozilla.com>
-# Date 1521824312 25200
-# Fri Mar 23 09:58:32 2018 -0700
-# Branch NSS_3_36_BRANCH
-# Node ID ba3f1cc8a8e644ee6f8a763624d97e987816304d
-# Parent 2355c9e3bba477c947a09a2fe8b1ed8971fab1cb
-Bug 1278071 - Limit iterations for PKCS #12 export for Windows r=kaie
-
-Per Bug 1436873, Windows is limited on importing PKCS12 files of 600k rounds
-or less. So for compatibility's sake, let's limit there, too.
-
-diff --git a/lib/pkcs7/p7create.c b/lib/pkcs7/p7create.c
---- a/lib/pkcs7/p7create.c
-+++ b/lib/pkcs7/p7create.c
-@@ -22,7 +22,7 @@ const int NSS_PBE_DEFAULT_ITERATION_COUN
- #ifdef DEBUG
- 10000
- #else
-- 1000000
-+ 600000
- #endif
- ;
-
diff --git a/SOURCES/nss-post-handshake-auth-with-tickets.patch b/SOURCES/nss-post-handshake-auth-with-tickets.patch
new file mode 100644
index 0000000..ac51f07
--- /dev/null
+++ b/SOURCES/nss-post-handshake-auth-with-tickets.patch
@@ -0,0 +1,96 @@
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1559121620 -7200
+# Wed May 29 11:20:20 2019 +0200
+# Node ID 29a48b604602a523defd6f9322a5adeca7e284a5
+# Parent 43a7fb4f994a31222c308113b0fccdd5480d5b8e
+Bug 1553443, send session ticket only after handshake is marked as finished
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 1553443
+
+Differential Revision: https://phabricator.services.mozilla.com/D32128
+
+diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
+--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
+@@ -537,6 +537,40 @@ TEST_F(TlsConnectStreamTls13, PostHandsh
+ capture_cert_req->buffer().len()));
+ }
+
++// Check if post-handshake auth still works when session tickets are enabled:
++// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
++TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
++ EnsureTlsSetup();
++ client_->SetupClientAuth();
++ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
++ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
++ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
++ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
++ EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
++ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
++ size_t called = 0;
++ server_->SetAuthCertificateCallback(
++ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
++ called++;
++ return SECSuccess;
++ });
++ Connect();
++ EXPECT_EQ(0U, called);
++ // Send CertificateRequest.
++ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
++ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
++ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
++ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
++ server_->SendData(50);
++ client_->ReadBytes(50);
++ client_->SendData(50);
++ server_->ReadBytes(50);
++ EXPECT_EQ(1U, called);
++ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
++ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
++ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
++}
++
+ // In TLS 1.3, the client sends its cert rejection on the
+ // second flight, and since it has already received the
+ // server's Finished, it transitions to complete and
+diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
+--- a/lib/ssl/tls13con.c
++++ b/lib/ssl/tls13con.c
+@@ -4561,6 +4561,11 @@ tls13_ServerHandleFinished(sslSocket *ss
+ return SECFailure;
+ }
+
++ rv = tls13_FinishHandshake(ss);
++ if (rv != SECSuccess) {
++ return SECFailure;
++ }
++
+ ssl_GetXmitBufLock(ss);
+ if (ss->opt.enableSessionTickets) {
+ rv = tls13_SendNewSessionTicket(ss, NULL, 0);
+@@ -4573,8 +4578,7 @@ tls13_ServerHandleFinished(sslSocket *ss
+ }
+ }
+ ssl_ReleaseXmitBufLock(ss);
+-
+- return tls13_FinishHandshake(ss);
++ return SECSuccess;
+
+ loser:
+ ssl_ReleaseXmitBufLock(ss);
+diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
+--- a/tests/ssl/sslauth.txt
++++ b/tests/ssl/sslauth.txt
+@@ -42,6 +42,7 @@
+ noECC 0 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
+ noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
+ noECC 1 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
++ noECC 0 -r_-r_-r_-E_-u -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth)
+ #
+ # Use EC cert for client authentication
+ #
diff --git a/SOURCES/nss-reorder-cipher-suites-gtests.patch b/SOURCES/nss-reorder-cipher-suites-gtests.patch
index 0675959..73b049f 100644
--- a/SOURCES/nss-reorder-cipher-suites-gtests.patch
+++ b/SOURCES/nss-reorder-cipher-suites-gtests.patch
@@ -1,7 +1,7 @@
diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc
---- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2018-03-05 16:58:32.000000000 +0100
-+++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2018-03-09 17:29:32.985313219 +0100
-@@ -231,7 +231,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
+--- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2019-03-22 11:25:50.523173253 +0100
+@@ -728,7 +728,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
// NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
// 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
// we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
@@ -12,7 +12,7 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests
return ssl_grp_ec_secp384r1;
}
return ssl_grp_ec_curve25519;
-@@ -870,20 +872,24 @@ INSTANTIATE_TEST_CASE_P(
+@@ -1377,20 +1379,24 @@ INSTANTIATE_TEST_CASE_P(
::testing::Values(TlsAgent::kServerEcdsa256),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
@@ -39,9 +39,63 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests
INSTANTIATE_TEST_CASE_P(
SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
-@@ -892,4 +898,5 @@ INSTANTIATE_TEST_CASE_P(
+@@ -1399,4 +1405,5 @@ INSTANTIATE_TEST_CASE_P(
TlsAgent::kServerEcdsa384),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_sha1)));
+#endif
} // namespace nss_test
+diff -up nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc 2019-03-22 11:25:50.523173253 +0100
+@@ -71,11 +71,13 @@ void CheckRecordSizes(const std::shared_
+ break;
+
+ case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
++ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+ expansion = 16;
+ iv = 8;
+ break;
+
+ case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
++ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+ // Expansion is 20 for the MAC. Maximum block padding is 16. Maximum
+ // padding is added when the input plus the MAC is an exact multiple of
+ // the block size.
+diff -up nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2019-03-22 11:29:30.452433420 +0100
+@@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR
+ TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) {
+ Reset(TlsAgent::kRsa8192);
+ Connect();
+- CheckKeys();
++ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
++ CheckKeys();
++ } else {
++ // in TLS 1.2 or TLS 1.1, AES-256 is selected by default, which
++ // needs a different kea setup
++ SSLSignatureScheme scheme;
++ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) {
++ scheme = ssl_sig_rsa_pss_rsae_sha256;
++ } else {
++ scheme = ssl_sig_rsa_pkcs1_sha256;
++ }
++ CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp521r1, ssl_auth_rsa_sign, scheme);
++ }
+ }
+
+ } // namespace nss_test
+diff -up nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/tls_agent.cc
+--- nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2019-03-22 11:28:19.936944328 +0100
++++ nss/gtests/ssl_gtest/tls_agent.cc 2019-03-22 11:29:58.712828287 +0100
+@@ -532,6 +532,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea,
+ case ssl_grp_ec_secp384r1:
+ kea_size = 384;
+ break;
++ case ssl_grp_ec_secp521r1:
++ kea_size = 521;
++ break;
+ case ssl_grp_ffdhe_2048:
+ kea_size = 2048;
+ break;
diff --git a/SOURCES/nss-reorder-cipher-suites.patch b/SOURCES/nss-reorder-cipher-suites.patch
index 9806190..c295c1d 100644
--- a/SOURCES/nss-reorder-cipher-suites.patch
+++ b/SOURCES/nss-reorder-cipher-suites.patch
@@ -1,21 +1,16 @@
diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
---- nss/lib/ssl/ssl3con.c.reorder-cipher-suites 2017-04-26 11:47:33.690047402 +0200
-+++ nss/lib/ssl/ssl3con.c 2017-04-26 11:51:51.103013632 +0200
-@@ -91,54 +91,44 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi
- /* clang-format off */
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
- /* cipher_suite policy enabled isPresent */
-- /* Special TLS 1.3 suites. */
-- { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-- { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-- { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
--
+--- nss/lib/ssl/ssl3con.c.reorder-cipher-suites 2019-03-16 01:25:08.000000000 +0100
++++ nss/lib/ssl/ssl3con.c 2019-03-21 14:22:01.578936057 +0100
+@@ -90,49 +90,44 @@ static ssl3CipherSuiteCfg cipherSuites[s
+ { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+ { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
- * bug 946147.
- */
@@ -29,7 +24,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -42,7 +37,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
-+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
++ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -53,7 +48,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -74,14 +69,14 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -147,27 +137,21 @@ static ssl3CipherSuiteCfg cipherSuites[s
+@@ -141,27 +136,21 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
- /* RSA */
- { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -106,27 +101,13 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-@@ -175,6 +159,9 @@ static ssl3CipherSuiteCfg cipherSuites[s
- { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-+ { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
-+ { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
- };
- /* clang-format on */
-
diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
---- nss/lib/ssl/sslenum.c.reorder-cipher-suites 2017-04-26 11:46:50.215066457 +0200
-+++ nss/lib/ssl/sslenum.c 2017-04-26 11:47:09.362617638 +0200
-@@ -55,53 +55,44 @@
- * the third one.
- */
- const PRUint16 SSL_ImplementedCiphers[] = {
-- TLS_AES_128_GCM_SHA256,
-- TLS_CHACHA20_POLY1305_SHA256,
-- TLS_AES_256_GCM_SHA384,
--
+--- nss/lib/ssl/sslenum.c.reorder-cipher-suites 2019-03-16 01:25:08.000000000 +0100
++++ nss/lib/ssl/sslenum.c 2019-03-21 14:22:16.479624167 +0100
+@@ -59,49 +59,44 @@ const PRUint16 SSL_ImplementedCiphers[]
+ TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_256_GCM_SHA384,
+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -191,7 +172,7 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-@@ -110,26 +101,21 @@ const PRUint16 SSL_ImplementedCiphers[]
+@@ -110,26 +105,21 @@ const PRUint16 SSL_ImplementedCiphers[]
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
@@ -222,13 +203,3 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
-@@ -137,6 +123,9 @@ const PRUint16 SSL_ImplementedCiphers[]
- TLS_RSA_WITH_NULL_SHA,
- TLS_RSA_WITH_NULL_SHA256,
- TLS_RSA_WITH_NULL_MD5,
-+ TLS_AES_128_GCM_SHA256,
-+ TLS_CHACHA20_POLY1305_SHA256,
-+ TLS_AES_256_GCM_SHA384,
-
- 0
- };
diff --git a/SOURCES/nss-rhel7.config b/SOURCES/nss-rhel7.config
index be6d690..84e18ce 100644
--- a/SOURCES/nss-rhel7.config
+++ b/SOURCES/nss-rhel7.config
@@ -3,5 +3,5 @@
library=
name=Policy
NSS=flags=policyOnly,moduleDB
-config="disallow=md5 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023"
+config="disallow=MD5:RC4 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023:TLS-VERSION-MIN=tls1.0"
diff --git a/SOURCES/nss-skip-sysinit-gtests.patch b/SOURCES/nss-skip-sysinit-gtests.patch
new file mode 100644
index 0000000..4c3ea29
--- /dev/null
+++ b/SOURCES/nss-skip-sysinit-gtests.patch
@@ -0,0 +1,11 @@
+diff -up nss/gtests/manifest.mn.skip-sysinit-gtests nss/gtests/manifest.mn
+--- nss/gtests/manifest.mn.skip-sysinit-gtests 2019-04-26 12:55:05.979302035 +0200
++++ nss/gtests/manifest.mn 2019-04-26 12:55:09.507228984 +0200
+@@ -27,7 +27,6 @@ NSS_SRCDIRS = \
+ smime_gtest \
+ softoken_gtest \
+ ssl_gtest \
+- $(SYSINIT_GTEST) \
+ nss_bogo_shim \
+ $(NULL)
+ endif
diff --git a/SOURCES/nss-skip-tls13-fips-tests.sh b/SOURCES/nss-skip-tls13-fips-tests.sh
new file mode 100644
index 0000000..2d4ff9c
--- /dev/null
+++ b/SOURCES/nss-skip-tls13-fips-tests.sh
@@ -0,0 +1,16 @@
+diff -up nss/tests/ssl/ssl.sh.skip-tls13-fips-mode nss/tests/ssl/ssl.sh
+--- nss/tests/ssl/ssl.sh.skip-tls13-fips-mode 2019-05-16 10:52:35.926904215 +0200
++++ nss/tests/ssl/ssl.sh 2019-05-16 10:53:05.953281239 +0200
+@@ -412,6 +412,12 @@ ssl_auth()
+ echo "${testname}" | grep "TLS 1.3" > /dev/null
+ TLS13=$?
+
++ if [ "${TLS13}" -eq 0 ] && \
++ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
++ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
++ continue
++ fi
++
+ if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
+ elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
diff --git a/SOURCES/nss-skip-util-gtest.patch b/SOURCES/nss-skip-util-gtest.patch
index 02bf308..2a914d3 100644
--- a/SOURCES/nss-skip-util-gtest.patch
+++ b/SOURCES/nss-skip-util-gtest.patch
@@ -1,7 +1,7 @@
diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn
---- nss/gtests/manifest.mn.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200
-+++ nss/gtests/manifest.mn 2017-10-19 11:02:27.773910909 +0200
-@@ -32,6 +32,5 @@ endif
+--- nss/gtests/manifest.mn.skip-util-gtests 2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/manifest.mn 2019-03-21 12:41:02.264072681 +0100
+@@ -35,6 +35,5 @@ endif
DIRS = \
$(LIB_SRCDIRS) \
@@ -9,9 +9,9 @@ diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn
$(NSS_SRCDIRS) \
$(NULL)
diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/manifest.mn
---- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200
-+++ nss/gtests/ssl_gtest/manifest.mn 2017-10-19 11:02:27.773910909 +0200
-@@ -58,6 +58,7 @@ PROGRAM = ssl_gtest
+--- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests 2019-03-16 01:25:08.000000000 +0100
++++ nss/gtests/ssl_gtest/manifest.mn 2019-03-21 12:41:02.265072660 +0100
+@@ -67,6 +67,7 @@ PROGRAM = ssl_gtest
EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
@@ -19,15 +19,3 @@ diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/
$(NULL)
USE_STATIC_LIBS = 1
-diff -up nss/tests/gtests/gtests.sh.skip-util-gtests nss/tests/gtests/gtests.sh
---- nss/tests/gtests/gtests.sh.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200
-+++ nss/tests/gtests/gtests.sh 2017-10-19 11:03:57.473976538 +0200
-@@ -83,7 +83,7 @@ gtest_cleanup()
- }
-
- ################## main #################################################
--GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest blake2b_gtest"
-+GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest"
- SOURCE_DIR="$PWD"/../..
- gtest_init $0
- gtest_start
diff --git a/SOURCES/nss-ssl2-compatible-client-hello.patch b/SOURCES/nss-ssl2-compatible-client-hello.patch
new file mode 100644
index 0000000..a1f5217
--- /dev/null
+++ b/SOURCES/nss-ssl2-compatible-client-hello.patch
@@ -0,0 +1,12 @@
+diff -up nss/lib/ssl/sslsock.c.ssl2hello nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.ssl2hello 2019-04-26 11:31:02.139693304 +0200
++++ nss/lib/ssl/sslsock.c 2019-04-26 11:31:36.842975724 +0200
+@@ -86,7 +86,7 @@ static sslOptions ssl_defaults = {
+ .enableTls13CompatMode = PR_FALSE,
+ .enableDtlsShortHeader = PR_FALSE,
+ .enableHelloDowngradeCheck = PR_FALSE,
+- .enableV2CompatibleHello = PR_FALSE,
++ .enableV2CompatibleHello = PR_TRUE,
+ .enablePostHandshakeAuth = PR_FALSE
+ };
+
diff --git a/SOURCES/nss-ssl2-server-random.patch b/SOURCES/nss-ssl2-server-random.patch
deleted file mode 100644
index 0a242c8..0000000
--- a/SOURCES/nss-ssl2-server-random.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-# HG changeset patch
-# User Martin Thomson <martin.thomson@gmail.com>
-# Date 1535458477 -7200
-# Tue Aug 28 14:14:37 2018 +0200
-# Branch NSS_3_36_BRANCH
-# Node ID 14bfa8390396e18ba5b35c7fb299a2c2023f6448
-# Parent 42bc6956fda39f6afe81b8de7afb542f3216bc7e
-Bug 1483128 - Move random generation, r?ekr
-
-Summary: This is the simpler fix. It's making the bug pretty obvious though.
-
-Reviewers: ekr, kaie
-
-Subscribers: HubertKario, mt, ekr, beurdouche, kaie, jcj, ueno, wtc, rrelyea
-
-Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
-
-Bug #: 1483128
-
-Differential Revision: https://phabricator.services.mozilla.com/D4282
-
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -8082,14 +8082,6 @@ ssl3_HandleClientHello(sslSocket *ss, PR
- }
- }
-
-- /* Generate the Server Random now so it is available
-- * when we process the ClientKeyShare in TLS 1.3 */
-- rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
-- if (rv != SECSuccess) {
-- errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE;
-- goto loser;
-- }
--
- #ifndef TLS_1_3_DRAFT_VERSION
- /*
- * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
-@@ -8878,6 +8870,7 @@ ssl_ConstructServerHello(sslSocket *ss,
- SECStatus rv;
- SSL3ProtocolVersion version;
- sslSessionID *sid = ss->sec.ci.sid;
-+ const PRUint8 *random;
-
- if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
- version = dtls_TLSVersionToDTLSVersion(ss->version);
-@@ -8889,9 +8882,17 @@ ssl_ConstructServerHello(sslSocket *ss,
- if (rv != SECSuccess) {
- return SECFailure;
- }
-- /* Random already generated in ssl3_HandleClientHello */
-- rv = sslBuffer_Append(messageBuf, helloRetry ? ssl_hello_retry_random : ss->ssl3.hs.server_random,
-- SSL3_RANDOM_LENGTH);
-+
-+ if (helloRetry) {
-+ random = ssl_hello_retry_random;
-+ } else {
-+ rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
-+ if (rv != SECSuccess) {
-+ return SECFailure;
-+ }
-+ random = ss->ssl3.hs.server_random;
-+ }
-+ rv = sslBuffer_Append(messageBuf, random, SSL3_RANDOM_LENGTH);
- if (rv != SECSuccess) {
- return SECFailure;
- }
-# HG changeset patch
-# User Martin Thomson <martin.thomson@gmail.com>
-# Date 1535458545 -7200
-# Tue Aug 28 14:15:45 2018 +0200
-# Node ID eee3954f57355ad04bc32f1c2dfe25d7e13a3382
-# Parent 4c7ffcfd43f613eb08ee7b4a75dbeb1a7fb540ce
-Bug 1483128 - Test that randoms aren't fixed, r?ekr
-
-Summary:
-We can't easily test that ClientHello.random and ServerHello.random are truly
-random in these tests, but we can catch mistakes the likes of which produced
-this bug. This just runs a few handshakes and tests that none of the random
-values are equal to any other, or they are equal to zero.
-
-Reviewers: ekr
-
-Subscribers: mt, ekr, beurdouche, kaie, jcj, ueno, rrelyea, wtc, HubertKario
-
-Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
-
-Bug #: 1483128
-
-Differential Revision: https://phabricator.services.mozilla.com/D4413
-
-diff --git a/gtests/ssl_gtest/ssl_loopback_unittest.cc b/gtests/ssl_gtest/ssl_loopback_unittest.cc
---- a/gtests/ssl_gtest/ssl_loopback_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_loopback_unittest.cc
-@@ -541,6 +541,47 @@ TEST_F(TlsConnectTest, OneNRecordSplitti
- EXPECT_EQ(ExpectedCbcLen(20), records->record(2).buffer.len());
- }
-
-+// We can't test for randomness easily here, but we can test that we don't
-+// produce a zero value, or produce the same value twice. There are 5 values
-+// here: two ClientHello.random, two ServerHello.random, and one zero value.
-+// Matrix them and fail if any are the same.
-+TEST_P(TlsConnectGeneric, CheckRandoms) {
-+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
-+
-+ static const size_t random_len = 32;
-+ uint8_t crandom1[random_len], srandom1[random_len];
-+ uint8_t z[random_len] = {0};
-+
-+ auto ch = MakeTlsFilter<TlsHandshakeRecorder>(client_, ssl_hs_client_hello);
-+ auto sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+ Connect();
-+ ASSERT_TRUE(ch->buffer().len() > (random_len + 2));
-+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+ memcpy(crandom1, ch->buffer().data() + 2, random_len);
-+ memcpy(srandom1, sh->buffer().data() + 2, random_len);
-+ EXPECT_NE(0, memcmp(crandom1, srandom1, random_len));
-+ EXPECT_NE(0, memcmp(crandom1, z, random_len));
-+ EXPECT_NE(0, memcmp(srandom1, z, random_len));
-+
-+ Reset();
-+ ch = MakeTlsFilter<TlsHandshakeRecorder>(client_, ssl_hs_client_hello);
-+ sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+ Connect();
-+ ASSERT_TRUE(ch->buffer().len() > (random_len + 2));
-+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+ const uint8_t* crandom2 = ch->buffer().data() + 2;
-+ const uint8_t* srandom2 = sh->buffer().data() + 2;
-+
-+ EXPECT_NE(0, memcmp(crandom2, srandom2, random_len));
-+ EXPECT_NE(0, memcmp(crandom2, z, random_len));
-+ EXPECT_NE(0, memcmp(srandom2, z, random_len));
-+
-+ EXPECT_NE(0, memcmp(crandom1, crandom2, random_len));
-+ EXPECT_NE(0, memcmp(crandom1, srandom2, random_len));
-+ EXPECT_NE(0, memcmp(srandom1, crandom2, random_len));
-+ EXPECT_NE(0, memcmp(srandom1, srandom2, random_len));
-+}
-+
- INSTANTIATE_TEST_CASE_P(
- GenericStream, TlsConnectGeneric,
- ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
-diff --git a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
---- a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
-@@ -350,6 +350,30 @@ TEST_P(SSLv2ClientHelloTest, RequireSafe
- Connect();
- }
-
-+TEST_P(SSLv2ClientHelloTest, CheckServerRandom) {
-+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
-+ SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
-+
-+ static const size_t random_len = 32;
-+ uint8_t srandom1[random_len];
-+ uint8_t z[random_len] = {0};
-+
-+ auto sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+ Connect();
-+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+ memcpy(srandom1, sh->buffer().data() + 2, random_len);
-+ EXPECT_NE(0, memcmp(srandom1, z, random_len));
-+
-+ Reset();
-+ sh = MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_server_hello);
-+ Connect();
-+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2));
-+ const uint8_t* srandom2 = sh->buffer().data() + 2;
-+
-+ EXPECT_NE(0, memcmp(srandom2, z, random_len));
-+ EXPECT_NE(0, memcmp(srandom1, srandom2, random_len));
-+}
-+
- // Connect to the server with TLS 1.1, signalling that this is a fallback from
- // a higher version. As the server doesn't support anything higher than TLS 1.1
- // it must accept the connection.
diff --git a/SOURCES/nss-sysinit-getenv.patch b/SOURCES/nss-sysinit-getenv.patch
index d3f47bc..9352e33 100644
--- a/SOURCES/nss-sysinit-getenv.patch
+++ b/SOURCES/nss-sysinit-getenv.patch
@@ -1,7 +1,7 @@
-diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
---- a/lib/sysinit/nsssysinit.c
-+++ b/lib/sysinit/nsssysinit.c
-@@ -1,11 +1,15 @@
+diff -up nss/lib/sysinit/nsssysinit.c.sysinit-getenv nss/lib/sysinit/nsssysinit.c
+--- nss/lib/sysinit/nsssysinit.c.sysinit-getenv 2019-04-26 12:08:48.155862312 +0200
++++ nss/lib/sysinit/nsssysinit.c 2019-04-26 12:09:13.228344780 +0200
+@@ -1,6 +1,10 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -12,17 +12,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
#include "seccomon.h"
#include "prio.h"
#include "prprf.h"
- #include "plhash.h"
- #include "prenv.h"
-
- /*
- * The following provides a default example for operating systems to set up
-@@ -37,17 +41,17 @@ testdir(char *dir)
- return S_ISDIR(buf.st_mode);
- }
-
- #define NSS_USER_PATH1 "/.pki"
- #define NSS_USER_PATH2 "/nssdb"
+@@ -41,7 +45,7 @@ testdir(char *dir)
static char *
getUserDB(void)
{
@@ -31,17 +21,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
char *nssdir = NULL;
if (userdir == NULL) {
- return NULL;
- }
-
- nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
- if (nssdir == NULL) {
-@@ -129,17 +133,17 @@ userCanModifySystemDB()
- #else
- #error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
- #endif
- #endif
-
+@@ -95,7 +99,7 @@ userCanModifySystemDB()
static PRBool
getFIPSEnv(void)
{
@@ -50,8 +30,3 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
if (!fipsEnv) {
return PR_FALSE;
}
- if ((strcasecmp(fipsEnv, "fips") == 0) ||
- (strcasecmp(fipsEnv, "true") == 0) ||
- (strcasecmp(fipsEnv, "on") == 0) ||
- (strcasecmp(fipsEnv, "1") == 0)) {
- return PR_TRUE;
diff --git a/SOURCES/nss-sysinit-userdb.patch b/SOURCES/nss-sysinit-userdb.patch
new file mode 100644
index 0000000..a88132a
--- /dev/null
+++ b/SOURCES/nss-sysinit-userdb.patch
@@ -0,0 +1,132 @@
+# HG changeset patch
+# User EdĂȘnis Freindorfer Azevedo <edenisfa@gmail.com>
+# Date 1547073505 -39600
+# Thu Jan 10 09:38:25 2019 +1100
+# Node ID da45424cb9a0b4d8e45e5040e2e3b574d994e254
+# Parent f7187a33fad7b9cafe0c2947c6d48618fdda57e4
+Bug 818686 - XDG Base Directory Specification support with fallback, r=mt
+
+Summary:
+We check if $HOME/.pki and $HOME/.pki/nssdb exist; if they do, then we use
+this path. Otherwise, use ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb
+
+Test Plan:
+Create dummy empty dir and set HOME to it. Then, check if getUserDb returns:
+1. $HOME/.pki/nssdb when this path exists;
+2. $HOME/.local/share/pki/nssdb when $HOME/.pki/nssdb does not and XDG_DATA_HOME is not defined;
+3. $XDG_DATA_HOME/pki/nssdb when $HOME/.pki/nssdb does not exist and XDG_DATA_HOME is defined.
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 818686
+
+Differential Revision: https://phabricator.services.mozilla.com/D14007
+
+diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
+--- a/lib/sysinit/nsssysinit.c
++++ b/lib/sysinit/nsssysinit.c
+@@ -37,9 +37,41 @@ testdir(char *dir)
+ return S_ISDIR(buf.st_mode);
+ }
+
++/**
++ * Append given @dir to @path and creates the directory with mode @mode.
++ * Returns 0 if successful, -1 otherwise.
++ * Assumes that the allocation for @path has sufficient space for @dir
++ * to be added.
++ */
++static int
++appendDirAndCreate(char *path, char *dir, mode_t mode)
++{
++ PORT_Strcat(path, dir);
++ if (!testdir(path)) {
++ if (mkdir(path, mode)) {
++ return -1;
++ }
++ }
++ return 0;
++}
++
++#define XDG_NSS_USER_PATH1 "/.local"
++#define XDG_NSS_USER_PATH2 "/share"
++#define XDG_NSS_USER_PATH3 "/pki"
++
+ #define NSS_USER_PATH1 "/.pki"
+ #define NSS_USER_PATH2 "/nssdb"
+-static char *
++
++/**
++ * Return the path to user's NSS database.
++ * We search in the following dirs in order:
++ * (1) $HOME/.pki/nssdb;
++ * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
++ * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
++ * If (1) does not exist, then the returned dir will be set to either
++ * (2) or (3), depending if XDG_DATA_HOME is set.
++ */
++char *
+ getUserDB(void)
+ {
+ char *userdir = PR_GetEnvSecure("HOME");
+@@ -50,22 +82,47 @@ getUserDB(void)
+ }
+
+ nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
++ PORT_Strcpy(nssdir, userdir);
++ PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2);
++ if (testdir(nssdir)) {
++ /* $HOME/.pki/nssdb exists */
++ return nssdir;
++ } else {
++ /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */
++ PORT_Free(nssdir);
++ }
++ int size = 0;
++ char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME");
++ if (xdguserdatadir) {
++ size = strlen(xdguserdatadir);
++ } else {
++ size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2);
++ }
++ size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2);
++
++ nssdir = PORT_Alloc(size);
+ if (nssdir == NULL) {
+ return NULL;
+ }
+- PORT_Strcpy(nssdir, userdir);
+- /* verify it exists */
+- if (!testdir(nssdir)) {
+- PORT_Free(nssdir);
+- return NULL;
++
++ if (xdguserdatadir) {
++ PORT_Strcpy(nssdir, xdguserdatadir);
++ if (!testdir(nssdir)) {
++ PORT_Free(nssdir);
++ return NULL;
++ }
++
++ } else {
++ PORT_Strcpy(nssdir, userdir);
++ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) ||
++ appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) {
++ PORT_Free(nssdir);
++ return NULL;
++ }
+ }
+- PORT_Strcat(nssdir, NSS_USER_PATH1);
+- if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+- PORT_Free(nssdir);
+- return NULL;
+- }
+- PORT_Strcat(nssdir, NSS_USER_PATH2);
+- if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
++ /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */
++ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) ||
++ appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) {
+ PORT_Free(nssdir);
+ return NULL;
+ }
diff --git a/SOURCES/nss-tests-paypal-certs-v2.patch b/SOURCES/nss-tests-paypal-certs-v2.patch
deleted file mode 100644
index 8f37f8c..0000000
--- a/SOURCES/nss-tests-paypal-certs-v2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1541595734 -3600
-# Wed Nov 07 14:02:14 2018 +0100
-# Node ID 19fd907784e38a5febb54588353368af91b12551
-# Parent 3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
-Bug 1505317, update PayPal test certs
-
-diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
---- a/tests/chains/scenarios/realcerts.cfg
-+++ b/tests/chains/scenarios/realcerts.cfg
-@@ -21,7 +21,7 @@ verify TestUser51:x
- result pass
-
- verify PayPalEE:x
-- policy OID.2.16.840.1.114412.1.1
-+ policy OID.2.16.840.1.114412.2.1
- result pass
-
- verify BrAirWaysBadSig:x
-diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
---- a/tests/libpkix/vfychain_test.lst
-+++ b/tests/libpkix/vfychain_test.lst
-@@ -1,4 +1,4 @@
- # Status | Leaf Cert | Policies | Others(undef)
- 0 TestUser50 undef
- 0 TestUser51 undef
--0 PayPalEE OID.2.16.840.1.114412.1.1
-+0 PayPalEE OID.2.16.840.1.114412.2.1
diff --git a/SOURCES/nss-tests-ssl-normal-normal.patch b/SOURCES/nss-tests-ssl-normal-normal.patch
deleted file mode 100644
index aa5346a..0000000
--- a/SOURCES/nss-tests-ssl-normal-normal.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1520875743 -3600
-# Mon Mar 12 18:29:03 2018 +0100
-# Node ID 1053cc7b45a2dfe4a44558f0a0e7c4b3f0e9c6ec
-# Parent be88b7a4fb599a367a13688a9790d3010f3b3692
-Bug 1444960, Exercise SSL tests which only run under non-FIPS, r=kaie
-
-diff --git a/tests/all.sh b/tests/all.sh
---- a/tests/all.sh
-+++ b/tests/all.sh
-@@ -309,7 +309,7 @@ TESTS=${NSS_TESTS:-$tests}
-
- ALL_TESTS=${TESTS}
-
--nss_ssl_tests="crl iopr policy"
-+nss_ssl_tests="crl iopr policy normal_normal"
- if [ $NO_INIT_SUPPORT -eq 0 ]; then
- nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips"
- fi
diff --git a/SOURCES/nss-version-range-set.patch b/SOURCES/nss-version-range-set.patch
new file mode 100644
index 0000000..8b3b25a
--- /dev/null
+++ b/SOURCES/nss-version-range-set.patch
@@ -0,0 +1,43 @@
+diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
+--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set 2019-04-26 16:56:32.753283497 +0200
++++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc 2019-04-26 16:56:51.096889439 +0200
+@@ -151,12 +151,6 @@ class TestPolicyVersionRange
+ }
+
+ bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
+- if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
+- input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
+- // This is always invalid input, independent of policy
+- return false;
+- }
+-
+ if (input_.min() < library_.min() || input_.max() > library_.max() ||
+ input_.min() > input_.max()) {
+ // Asking for unsupported ranges is invalid input for VersionRangeSet
+diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.version-range-set 2019-04-26 16:56:11.810733383 +0200
++++ nss/lib/ssl/sslsock.c 2019-04-26 16:56:11.813733319 +0200
+@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa
+ return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
+ }
+
+-static PRBool
+-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
+-{
+- return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
+- vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
+-}
+-
+ static SECStatus
+ ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
+ SSLVersionRange *vrange)
+@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy
+
+ if (vrange->min > vrange->max ||
+ !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
+- !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
+- ssl3_HasConflictingSSLVersions(vrange)) {
++ !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 2ad67f6..8b7324e 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -1,16 +1,28 @@
-%global nspr_version 4.19.0
-%global nss_util_version 3.36.0
-%global nss_util_build -1.1
+%global nspr_version 4.21.0
+%global nss_util_version 3.44.0
+%global nss_util_build -3
# adjust to the version that gets submitted for FIPS validation
-%global nss_softokn_fips_version 3.36.0
-%global nss_softokn_version 3.36.0
+%global nss_softokn_fips_version 3.44.0
+%global nss_softokn_version 3.44.0
# Attention: Separate softokn versions for build and runtime.
%global runtime_required_softokn_build_version -1
# Building NSS doesn't require the same version of softokn built for runtime.
%global build_required_softokn_build_version -1
+%global nss_version 3.44.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
-%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
+%global allTools "certutil cmsutil crlutil derdump modutil nss-policy-check pk12util pp signtool signver ssltap vfychain vfyserv"
+
+# The timestamp of our downstream manual pages, e.g., nss-config.1
+%global manual_date "Nov 13 2013"
+
+# The upstream omits the trailing ".0", while we need it for
+# consistency with the pkg-config version:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
+%{lua:
+rpm.define(string.format("nss_archive_version %s",
+ string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
+}
# solution taken from icedtea-web.spec
%define multilib_arches ppc64 s390x sparc64 x86_64
@@ -24,10 +36,12 @@
# To "disable", add "#" to start of line, AND a space after "%".
#% define nss_ckbi_suffix .with.ckbi.1.93
+%bcond_without tests
+
Summary: Network Security Services
Name: nss
-Version: 3.36.0
-Release: 7.1%{?dist}
+Version: %{nss_version}
+Release: 4%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -63,7 +77,7 @@ Requires: nss-pem%{?_isa}
%define full_nss_version %{version}
%endif
-Source0: %{name}-%{full_nss_version}.tar.gz
+Source0: %{name}-%{nss_archive_version}.tar.gz
Source1: nss.pc.in
Source2: nss-config.in
Source3: blank-cert8.db
@@ -93,9 +107,6 @@ Source33: TestOldCA.p12
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
Patch16: nss-539183.patch
-# Remove this patch on when we rebase to NSS 3.40, bug 1639404
-Patch17: nss-3.36-ipsec_cert_vfy.patch
-Patch18: nss-tests-paypal-certs-v2.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
@@ -111,7 +122,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch
Patch50: iquote.patch
Patch52: Bug-1001841-disable-sslv2-libssl.patch
Patch53: Bug-1001841-disable-sslv2-tests.patch
-Patch55: enable-fips-when-system-is-in-fips-mode.patch
# rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
Patch56: p-ignore-setpolicy.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
@@ -121,27 +131,42 @@ Patch108: nss-sni-c-v-fix.patch
Patch123: nss-skip-util-gtest.patch
Patch126: nss-reorder-cipher-suites.patch
Patch127: nss-disable-cipher-suites.patch
-Patch128: nss-enable-cipher-suites.patch
Patch130: nss-reorder-cipher-suites-gtests.patch
-Patch131: nss-disable-tls13-gtests.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
-Patch135: nss-check-policy-file.patch
# To revert the change in:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1377940
Patch136: nss-sql-default.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1278071
-Patch137: nss-pkcs12-iterations-limit.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1447628
-Patch138: nss-devslot-reinsert.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1453408
Patch139: nss-modutil-skip-changepw-fips.patch
# Work around for yum
# https://bugzilla.redhat.com/show_bug.cgi?id=1469526
Patch141: nss-sysinit-getenv.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
-Patch142: nss-ssl2-server-random.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1444960
-Patch143: nss-tests-ssl-normal-normal.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1542207
+Patch147: nss-dsa-policy.patch
+# To revert the change in:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=818686
+Patch148: nss-sysinit-userdb.patch
+# Disable nss-sysinit test which is sorely to test the above change
+Patch149: nss-skip-sysinit-gtests.patch
+# Enable SSLv2 compatible ClientHello, disabled in the change:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
+Patch150: nss-ssl2-compatible-client-hello.patch
+# TLS 1.3 currently doesn't work under FIPS mode:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
+Patch151: nss-skip-tls13-fips-tests.sh
+# For backward compatibility: make -V "ssl3:" continue working, while
+# the minimum version is clamped to tls1.0
+Patch152: nss-version-range-set.patch
+# TLS 1.3 currently doesn't work under FIPS mode:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
+Patch153: nss-fips-disable-tls13.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552208
+Patch154: nss-disable-pkcs1-sigalgs-tls13.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
+Patch155: nss-post-handshake-auth-with-tickets.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
+Patch156: nss-fix-public-key-from-priv.patch
+Patch157: nss-add-ipsec-usage-to-manpage.patch
+
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -211,7 +236,7 @@ low level services.
%prep
-%setup -q
+%setup -q -n %{name}-%{nss_archive_version}
%{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs
%{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs
%{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs
@@ -219,15 +244,10 @@ low level services.
%{__cp} %{SOURCE30} -f ./nss/tests/libpkix/certs
%{__cp} %{SOURCE31} -f ./nss/tests/libpkix/certs
%{__cp} %{SOURCE33} -f ./nss/tests/tools
-%setup -q -T -D -n %{name}-%{version}
%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional
%patch16 -p0 -b .539183
-pushd nss
-%patch17 -p1 -b .ipsec_vfy
-%patch18 -p1 -b .update_paypal
-popd
%patch40 -p0 -b .noocsptest
%patch47 -p0 -b .templates
%patch49 -p0 -b .skipthem
@@ -235,7 +255,6 @@ popd
pushd nss
%patch52 -p1 -b .disableSSL2libssl
%patch53 -p1 -b .disableSSL2tests
-%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
%patch56 -p1 -b .1026677_ignore_set_policy
%patch62 -p1 -b .fix_deadlock
%patch100 -p0 -b .1171318
@@ -245,18 +264,22 @@ pushd nss
%patch123 -p1 -b .skip-util-gtests
%patch126 -p1 -b .reorder-cipher-suites
%patch127 -p1 -b .disable-cipher-suites
-%patch128 -p1 -b .enable-cipher-suites
%patch130 -p1 -b .reorder-cipher-suites-gtests
-%patch131 -p1 -b .disable-tls13-gtests
-%patch135 -p1 -b .check_policy_file
%patch136 -p1 -R -b .sql-default
-%patch137 -p1 -b .pkcs12-iterations-limit
-%patch138 -p1 -b .devslot-reinsert
%patch139 -p1 -b .modutil-skip-changepw-fips
+%patch148 -R -p1 -b .sysinit-userdb
%patch141 -p1 -b .sysinit-getenv
-%patch142 -p1 -b .ssl2-server-random
-%patch143 -p1 -b .tests-ssl-normal-normal
+%patch147 -p1 -b .dsa-policy
+%patch149 -p1 -b .skip-sysinit-gtests
+%patch150 -p1 -b .ssl2hello
+%patch151 -p1 -b .skip-tls13-fips-mode
+%patch152 -p1 -b .version-range-set
+%patch153 -p1 -b .fips-disable-tls13
+%patch154 -p1 -b .disable-pkcs1-sigalgs-tls13
+%patch155 -p1 -b .post-handshake-auth-with-tickets
popd
+%patch156 -p1 -b .pub-priv-mechs
+%patch157 -p1 -b .ipsec-usage
#########################################################
# Higher-level libraries and test tools need access to
@@ -360,8 +383,6 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1
##### phase 2: build the rest of nss
export NSS_BLTEST_NOT_AVAILABLE=1
-export NSS_DISABLE_TLS_1_3=1
-
export NSS_FORCE_FIPS=1
%{__make} -C ./nss/coreconf
@@ -383,8 +404,12 @@ export POLICY_PATH="/etc/pki/nss-legacy"
unset NSS_BLTEST_NOT_AVAILABLE
# build the man pages clean
-pushd ./nss
-%{__make} clean_docs build_docs
+pushd ./nss/doc
+rm -rf ./nroff
+%{__make} clean
+echo -n %{manual_date} > date.xml
+echo -n %{version} > version.xml
+%{__make}
popd
# and copy them to the dist directory for %%install to find them
@@ -430,7 +455,7 @@ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
%{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/
-date +"%e %B %Y" | tr -d '\n' > date.xml
+echo -n %{manual_date} > date.xml
echo -n %{version} > version.xml
# configuration files and setup script
@@ -451,6 +476,7 @@ done
%check
+%if %{with tests}
if [ ${DISABLETEST:-0} -eq 1 ]; then
echo "testing disabled"
exit 0
@@ -475,8 +501,6 @@ export USE_64
export NSS_BLTEST_NOT_AVAILABLE=1
-export NSS_DISABLE_TLS_1_3=1
-
export NSS_FORCE_FIPS=1
# needed for the fips mangling test
@@ -484,6 +508,13 @@ export SOFTOKEN_LIB_DIR=%{_libdir}
# End -- copied from the build section
+export GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest smime_gtest"
+export GTESTFILTER='-TlsConnectTest.DisallowSSLv3HelloWithTLSv13Enabled'
+
+# This is necessary because the test suite tests algorithms that are
+# disabled by the system policy.
+export NSS_IGNORE_SYSTEM_POLICY=1
+
# enable the following line to force a test failure
# find ./nss -name \*.chk | xargs rm -f
@@ -550,7 +581,7 @@ popd
# GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file.
killall $RANDSERV || :
-TEST_FAILURES=$(grep -c FAILED ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
+TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
if [ ${GREP_EXIT_STATUS:-0} -eq 1 ]; then
echo "okay: test suite detected no failures"
else
@@ -577,6 +608,7 @@ else
%endif
fi
echo "test suite completed"
+%endif
%install
@@ -621,13 +653,13 @@ do
done
# Copy the binaries we want
-for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
do
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
done
# Copy the binaries we ship as unsupported
-for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+for file in atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
do
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done
@@ -749,8 +781,8 @@ fi
%{_bindir}/cmsutil
%{_bindir}/crlutil
%{_bindir}/modutil
+%{_bindir}/nss-policy-check
%{_bindir}/pk12util
-%{_bindir}/signtool
%{_bindir}/signver
%{_bindir}/ssltap
%{unsupported_tools_directory}/atob
@@ -760,6 +792,7 @@ fi
%{unsupported_tools_directory}/ocspclnt
%{unsupported_tools_directory}/pp
%{unsupported_tools_directory}/selfserv
+%{unsupported_tools_directory}/signtool
%{unsupported_tools_directory}/strsclnt
%{unsupported_tools_directory}/symkeyutil
%{unsupported_tools_directory}/tstclnt
@@ -771,12 +804,13 @@ fi
%attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/crlutil.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/modutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/nss-policy-check.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/pk12util.1.gz
-%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/signver.1.gz
# unsupported tools
%attr(0644,root,root) %doc /usr/share/man/man1/derdump.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/pp.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/ssltap.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/vfychain.1.gz
%attr(0644,root,root) %doc /usr/share/man/man1/vfyserv.1.gz
@@ -856,7 +890,64 @@ fi
%changelog
-* Mon Nov 12 2018 Bob Relyea <rrelyea@redhat.com> - 3.36.0-7.1
+* Wed Jun 5 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-4
+- Fix certutil man page
+- Fix extracting a public key from a private key for dh, ec, and dsa
+
+* Thu May 30 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-3
+- Disable TLS 1.3 under FIPS mode
+- Disable RSASSA-PKCS1-v1_5 in TLS 1.3
+- Fix post-handshake auth transcript calculation if
+ SSL_ENABLE_SESSION_TICKETS is set
+
+* Thu May 16 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-2
+- Skip sysinit gtests properly
+- Fix shell syntax error in tests/ssl/ssl.sh
+- Regenerate manual pages
+
+* Wed May 15 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
+- Rebase to NSS 3.44
+- Restore fix-min-library-version-in-SSLVersionRange.patch to keep
+ SSL3 supported in the code level while it is disabled by policy
+- Skip TLS 1.3 tests under FIPS mode
+
+* Fri May 10 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-9
+- Ignore system policy when running %%check
+
+* Fri May 3 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-8
+- Fix policy string
+
+* Fri Apr 26 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-7
+- Don't override date in man-pages
+- Revert the change to use XDG basedirs (mozilla#818686)
+- Enable SSL2 compatible ClientHello by default
+- Disable SSL3 and RC4 by default
+
+* Mon Apr 8 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-6
+- Make "-V ssl3:" option work with tools
+
+* Fri Apr 5 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-5
+- Fix regression in MD5 disablement
+
+* Mon Apr 1 2019 Bob Relyea <rrelyea@redhat.com> - 3.43.0-4
+- add certutil documentation
+
+* Thu Mar 28 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-3
+- Restore complete removal of SSLv2
+- Disable SSLv3
+- Move signtool to unsupported directory
+
+* Mon Mar 25 2019 Bob Relyea <rrelyea@redhat.com> - 3.43.0-2
+- Expand IPSEC usage to include ssl and email certs. Remove special
+ processing of the usage based on the critical flag
+
+* Thu Mar 21 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-1
+- Rebase to NSS 3.43
+
+* Mon Feb 25 2019 Bob Relyea <rrelyea@redhat.com> - 3.36.0-8.1
+- move key on unwrap failure and retry.
+
+* Mon Nov 12 2018 Bob Relyea <rrelyea@redhat.com> - 3.36.0-8
- Update the cert verify code to allow a new ipsec usage and follow RFC 4945
* Wed Aug 29 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-7