diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 8e4edcad885..d38fc19f40e 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -22,11 +22,11 @@ let in stdenv.mkDerivation rec { name = "nss-${version}"; - version = "3.14"; + version = "3.14.3"; src = fetchurl { - url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_RTM/src/${name}.tar.gz"; - sha1 = "ace3642fb2ca67854ea7075d053ca01a6d81e616"; + url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_3_RTM/src/${name}.tar.gz"; + sha1 = "94d8781d1fa29cfbd37453dda3e9488709b82c4c"; }; buildInputs = [ nspr perl zlib sqlite ]; @@ -38,14 +38,28 @@ in stdenv.mkDerivation rec { ''; patches = [ - ./nss-3.12.5-gentoo-fixups.diff + ./nss-3.14.1-gentoo-fixups-r1.patch secLoadPatch ./nix_secload_fixup.patch + ./sync-up-with-upstream-softokn-changes.patch ]; postPatch = '' sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn - sed -i -e "/^PREFIX =/s:= /usr:= $out:" mozilla/security/nss/config/Makefile + + # Fix up the patch from Gentoo + sed -i \ + -e "/^PREFIX =/s|= /usr|= $out|" \ + -e '/@libdir@/s|gentoo/nss|lib|' \ + -e '/ln -sf/d' \ + mozilla/security/nss/config/Makefile + + # Note for spacing/tab nazis: The TAB characters are intentional! + cat >> mozilla/security/nss/config/Makefile < nss.pc + chmod 0644 nss.pc ++ ln -sf ../../../../../security/nss/config/nss.pc $(DIST)/lib/pkgconfig + + # Create the nss-config script + mkdir -p $(DIST)/bin @@ -34,19 +36,15 @@ diff -urN nss-3.12.5-orig/mozilla/security/nss/config/Makefile nss-3.12.5/mozill + -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ + nss-config.in > nss-config + chmod 0755 nss-config -+ # ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin ++ ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin + +libs: + +dummy: all export libs + -+install: -+ mkdir -p $(DIST)/lib/pkgconfig -+ cp nss.pc $(DIST)/lib/pkgconfig -+ -diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in nss-3.12.5/mozilla/security/nss/config/nss-config.in ---- nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600 -+++ nss-3.12.5/mozilla/security/nss/config/nss-config.in 2009-09-14 21:47:45.190638078 -0500 +diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/config/nss-config.in +--- a/mozilla/security/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600 ++++ b/mozilla/security/nss/config/nss-config.in 2012-12-15 07:27:20.651148959 -0600 @@ -0,0 +1,145 @@ +#!/bin/sh + @@ -177,7 +175,7 @@ diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in nss-3.12.5/m +fi + +if test "$echo_libs" = "yes"; then -+ libdirs="-Wl,-R$libdir -L$libdir" ++ libdirs="" + if test -n "$lib_ssl"; then + libdirs="$libdirs -lssl${major_version}" + fi @@ -193,9 +191,9 @@ diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in nss-3.12.5/m + echo $libdirs +fi + -diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss.pc.in nss-3.12.5/mozilla/security/nss/config/nss.pc.in ---- nss-3.12.5-orig/mozilla/security/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600 -+++ nss-3.12.5/mozilla/security/nss/config/nss.pc.in 2009-09-14 21:45:45.653637310 -0500 +diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/nss.pc.in +--- a/mozilla/security/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600 ++++ b/mozilla/security/nss/config/nss.pc.in 2012-12-15 07:27:20.651148959 -0600 @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ @@ -206,13 +204,13 @@ diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss.pc.in nss-3.12.5/mozil +Description: Network Security Services +Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ +Requires: nspr >= 4.8 -+Libs: -L${libdir} -lssl3 -lsmime3 -lnssutil3 -lnss3 -Wl,-R${libdir} ++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 +Cflags: -I${includedir} + -diff -urN nss-3.12.5-orig/mozilla/security/nss/Makefile nss-3.12.5/mozilla/security/nss/Makefile ---- nss-3.12.5-orig/mozilla/security/nss/Makefile 2008-12-02 17:24:39.000000000 -0600 -+++ nss-3.12.5/mozilla/security/nss/Makefile 2009-09-14 21:45:45.678657145 -0500 -@@ -78,7 +78,7 @@ +diff -urN a/mozilla/security/nss/Makefile b/mozilla/security/nss/Makefile +--- a/mozilla/security/nss/Makefile 2012-11-13 19:14:07.000000000 -0600 ++++ b/mozilla/security/nss/Makefile 2012-12-15 07:27:57.235162137 -0600 +@@ -44,7 +44,7 @@ # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### @@ -221,27 +219,25 @@ diff -urN nss-3.12.5-orig/mozilla/security/nss/Makefile nss-3.12.5/mozilla/secur nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber -@@ -140,12 +140,6 @@ +@@ -106,12 +106,6 @@ --with-dist-prefix='$(NSPR_PREFIX)' \ --with-dist-includedir='$(NSPR_PREFIX)/include' -build_nspr: $(NSPR_CONFIG_STATUS) -- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) +- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) - -clobber_nspr: $(NSPR_CONFIG_STATUS) -- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber +- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber - build_dbm: - ifndef NSS_DISABLE_DBM - cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs -diff -urN nss-3.12.5-orig/mozilla/security/nss/manifest.mn nss-3.12.5/mozilla/security/nss/manifest.mn ---- nss-3.12.5-orig/mozilla/security/nss/manifest.mn 2008-04-04 15:36:59.000000000 -0500 -+++ nss-3.12.5/mozilla/security/nss/manifest.mn 2009-09-14 21:45:45.703656167 -0500 -@@ -42,6 +42,6 @@ + ifdef NSS_DISABLE_DBM + @echo "skipping the build of DBM" +diff -urN a/mozilla/security/nss/manifest.mn b/mozilla/security/nss/manifest.mn +--- a/mozilla/security/nss/manifest.mn 2012-03-20 09:46:49.000000000 -0500 ++++ b/mozilla/security/nss/manifest.mn 2012-12-15 07:27:20.652148933 -0600 +@@ -10,6 +10,6 @@ RELEASE = nss -DIRS = lib cmd +DIRS = lib cmd config - - diff --git a/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch b/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch new file mode 100644 index 00000000000..4942debcd30 --- /dev/null +++ b/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch @@ -0,0 +1,406 @@ +From d6dbecfea317a468be12423595e584f43d84d8ec Mon Sep 17 00:00:00 2001 +From: Elio Maldonado +Date: Sat, 9 Feb 2013 17:11:00 -0500 +Subject: [PATCH] Sync up with upstream softokn changes + +- Disable RSA OEP case in FormatBlock, RSA_OAEP support is experimental and in a state of flux +- Numerous change upstream due to the work for TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169 +- It now compiles with the NSS_3_14_3_BETA1 source +--- + mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 338 +++++++------------------- + 1 files changed, 82 insertions(+), 256 deletions(-) + +diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +index 5ac4f39..3780d30 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c ++++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +@@ -46,6 +46,7 @@ + #include "sechash.h" + #include "base.h" + ++#include "lowkeyi.h" + #include "secerr.h" + + #define RSA_BLOCK_MIN_PAD_LEN 8 +@@ -54,9 +55,8 @@ + #define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff + #define RSA_BLOCK_AFTER_PAD_OCTET 0x00 + +-#define OAEP_SALT_LEN 8 +-#define OAEP_PAD_LEN 8 +-#define OAEP_PAD_OCTET 0x00 ++/* Needed for RSA-PSS functions */ ++static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + + #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ + +@@ -78,127 +78,39 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) + return 0; + } + +-static SHA1Context *SHA1_CloneContext(SHA1Context * original) +-{ +- SHA1Context *clone = NULL; +- unsigned char *pBuf; +- int sha1ContextSize = SHA1_FlattenSize(original); +- SECStatus frv; +- unsigned char buf[FLAT_BUFSIZE]; +- +- PORT_Assert(sizeof buf >= sha1ContextSize); +- if (sizeof buf >= sha1ContextSize) { +- pBuf = buf; +- } else { +- pBuf = nss_ZAlloc(NULL, sha1ContextSize); +- if (!pBuf) +- goto done; +- } +- +- frv = SHA1_Flatten(original, pBuf); +- if (frv == SECSuccess) { +- clone = SHA1_Resurrect(pBuf, NULL); +- memset(pBuf, 0, sha1ContextSize); +- } +- done: +- if (pBuf != buf) +- nss_ZFreeIf(pBuf); +- return clone; ++/* Constant time comparison of a single byte. ++ * Returns 1 iff a == b, otherwise returns 0. ++ * Note: For ranges of bytes, use constantTimeCompare. ++ */ ++static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) { ++ unsigned char c = ~(a - b | b - a); ++ c >>= 7; ++ return c; + } + +-/* +- * Modify data by XORing it with a special hash of salt. ++/* Constant time comparison of a range of bytes. ++ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise ++ * returns 0. + */ +-static SECStatus +-oaep_xor_with_h1(unsigned char *data, unsigned int datalen, +- unsigned char *salt, unsigned int saltlen) +-{ +- SHA1Context *sha1cx; +- unsigned char *dp, *dataend; +- unsigned char end_octet; +- +- sha1cx = SHA1_NewContext(); +- if (sha1cx == NULL) { +- return SECFailure; +- } +- +- /* +- * Get a hash of salt started; we will use it several times, +- * adding in a different end octet (x00, x01, x02, ...). +- */ +- SHA1_Begin(sha1cx); +- SHA1_Update(sha1cx, salt, saltlen); +- end_octet = 0; +- +- dp = data; +- dataend = data + datalen; +- +- while (dp < dataend) { +- SHA1Context *sha1cx_h1; +- unsigned int sha1len, sha1off; +- unsigned char sha1[SHA1_LENGTH]; +- +- /* +- * Create hash of (salt || end_octet) +- */ +- sha1cx_h1 = SHA1_CloneContext(sha1cx); +- SHA1_Update(sha1cx_h1, &end_octet, 1); +- SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1)); +- SHA1_DestroyContext(sha1cx_h1, PR_TRUE); +- PORT_Assert(sha1len == SHA1_LENGTH); +- +- /* +- * XOR that hash with the data. +- * When we have fewer than SHA1_LENGTH octets of data +- * left to xor, use just the low-order ones of the hash. +- */ +- sha1off = 0; +- if ((dataend - dp) < SHA1_LENGTH) +- sha1off = SHA1_LENGTH - (dataend - dp); +- while (sha1off < SHA1_LENGTH) +- *dp++ ^= sha1[sha1off++]; +- +- /* +- * Bump for next hash chunk. +- */ +- end_octet++; +- } +- +- SHA1_DestroyContext(sha1cx, PR_TRUE); +- return SECSuccess; ++static unsigned char constantTimeCompare(const unsigned char *a, ++ const unsigned char *b, ++ unsigned int len) { ++ unsigned char tmp = 0; ++ unsigned int i; ++ for (i = 0; i < len; ++i, ++a, ++b) ++ tmp |= *a ^ *b; ++ return constantTimeEQ8(0x00, tmp); + } + +-/* +- * Modify salt by XORing it with a special hash of data. ++/* Constant time conditional. ++ * Returns a if c is 1, or b if c is 0. The result is undefined if c is ++ * not 0 or 1. + */ +-static SECStatus +-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, +- unsigned char *data, unsigned int datalen) ++static unsigned int constantTimeCondition(unsigned int c, ++ unsigned int a, ++ unsigned int b) + { +- unsigned char sha1[SHA1_LENGTH]; +- unsigned char *psalt, *psha1, *saltend; +- SECStatus rv; +- +- /* +- * Create a hash of data. +- */ +- rv = SHA1_HashBuf(sha1, data, datalen); +- if (rv != SECSuccess) { +- return rv; +- } +- +- /* +- * XOR the low-order octets of that hash with salt. +- */ +- PORT_Assert(saltlen <= SHA1_LENGTH); +- saltend = salt + saltlen; +- psalt = salt; +- psha1 = sha1 + SHA1_LENGTH - saltlen; +- while (psalt < saltend) { +- *psalt++ ^= *psha1++; +- } +- +- return SECSuccess; ++ return (~(c - 1) & a) | ((c - 1) & b); + } + + /* +@@ -212,7 +124,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, + unsigned char *block; + unsigned char *bp; + int padLen; +- int i; ++ int i, j; + SECStatus rv; + + block = (unsigned char *) nss_ZAlloc(NULL, modulusLen); +@@ -260,124 +172,58 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, + */ + case RSA_BlockPublic: + +- /* +- * 0x00 || BT || Pad || 0x00 || ActualData +- * 1 1 padLen 1 data->len +- * Pad is all non-zero random bytes. +- */ +- padLen = modulusLen - data->len - 3; +- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN); +- if (padLen < RSA_BLOCK_MIN_PAD_LEN) { +- nss_ZFreeIf(block); +- return NULL; +- } +- for (i = 0; i < padLen; i++) { +- /* Pad with non-zero random data. */ +- do { +- rv = RNG_GenerateGlobalRandomBytes(bp + i, 1); +- } while (rv == SECSuccess +- && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET); +- if (rv != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- } +- bp += padLen; +- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; +- nsslibc_memcpy(bp, data->data, data->len); +- +- break; +- +- /* +- * Blocks intended for public-key operation, using +- * Optimal Asymmetric Encryption Padding (OAEP). +- */ +- case RSA_BlockOAEP: +- /* +- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData) +- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N] +- * +- * where: +- * PaddedData is "Pad1 || ActualData [|| Pad2]" +- * Salt is random data. +- * Pad1 is all zeros. +- * Pad2, if present, is random data. +- * (The "modified" fields are all the same length as the original +- * unmodified values; they are just xor'd with other values.) +- * +- * Modified1 is an XOR of PaddedData with a special octet +- * string constructed of iterated hashing of Salt (see below). +- * Modified2 is an XOR of Salt with the low-order octets of +- * the hash of Modified1 (see farther below ;-). +- * +- * Whew! +- */ +- +- +- /* +- * Salt +- */ +- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN); +- if (rv != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- bp += OAEP_SALT_LEN; +- +- /* +- * Pad1 +- */ +- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN); +- bp += OAEP_PAD_LEN; +- +- /* +- * Data +- */ +- nsslibc_memcpy(bp, data->data, data->len); +- bp += data->len; +- +- /* +- * Pad2 +- */ +- if (bp < (block + modulusLen)) { +- rv = RNG_GenerateGlobalRandomBytes(bp, +- block - bp + modulusLen); +- if (rv != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- } +- +- /* +- * Now we have the following: +- * 0x00 || BT || Salt || PaddedData +- * (From this point on, "Pad1 || Data [|| Pad2]" is treated +- * as the one entity PaddedData.) +- * +- * We need to turn PaddedData into Modified1. +- */ +- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN, +- modulusLen - 2 - OAEP_SALT_LEN, +- block + 2, OAEP_SALT_LEN) != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- +- /* +- * Now we have: +- * 0x00 || BT || Salt || Modified1(PaddedData) +- * +- * The remaining task is to turn Salt into Modified2. +- */ +- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN, +- block + 2 + OAEP_SALT_LEN, +- modulusLen - 2 - OAEP_SALT_LEN) != +- SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- +- break; ++ /* ++ * 0x00 || BT || Pad || 0x00 || ActualData ++ * 1 1 padLen 1 data->len ++ * Pad is all non-zero random bytes. ++ * ++ * Build the block left to right. ++ * Fill the entire block from Pad to the end with random bytes. ++ * Use the bytes after Pad as a supply of extra random bytes from ++ * which to find replacements for the zero bytes in Pad. ++ * If we need more than that, refill the bytes after Pad with ++ * new random bytes as necessary. ++ */ ++ padLen = modulusLen - (data->len + 3); ++ PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN); ++ if (padLen < RSA_BLOCK_MIN_PAD_LEN) { ++ nss_ZFreeIf (block); ++ return NULL; ++ } ++ j = modulusLen - 2; ++ rv = RNG_GenerateGlobalRandomBytes(bp, j); ++ if (rv == SECSuccess) { ++ for (i = 0; i < padLen; ) { ++ unsigned char repl; ++ /* Pad with non-zero random data. */ ++ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) { ++ ++i; ++ continue; ++ } ++ if (j <= padLen) { ++ rv = RNG_GenerateGlobalRandomBytes(bp + padLen, ++ modulusLen - (2 + padLen)); ++ if (rv != SECSuccess) ++ break; ++ j = modulusLen - 2; ++ } ++ do { ++ repl = bp[--j]; ++ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen); ++ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) { ++ bp[i++] = repl; ++ } ++ } ++ } ++ if (rv != SECSuccess) { ++ /*sftk_fatalError = PR_TRUE;*/ ++ nss_ZFreeIf (block); ++ return NULL; ++ } ++ bp += padLen; ++ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; ++ nsslibc_memcpy(bp, data->data, data->len); ++ break; + + default: + PORT_Assert(0); +@@ -427,26 +273,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, + + break; + +- case RSA_BlockOAEP: +- /* +- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2]) +- * +- * The "2" below is the first octet + the second octet. +- * (The other fields do not contain the clear values, but are +- * the same length as the clear values.) +- */ +- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN +- + OAEP_PAD_LEN))); +- +- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); +- if (result->data == NULL) { +- result->len = 0; +- return SECFailure; +- } +- result->len = modulusLen; +- +- break; +- + case RSA_BlockRaw: + /* + * Pad || ActualData +-- +1.7.1 +