Resolves: rhbz#1768653
NSS softoken does not include CKM_NSS_IKE1_APP_B_PRF_DERIVE in it's mechanism list, causing libreswan to crash.
This commit is contained in:
parent
74e1e8c297
commit
0102258016
22
nss-3.47-ike-fix.patch
Normal file
22
nss-3.47-ike-fix.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff -up ./lib/softoken/pkcs11.c.ike_fix ./lib/softoken/pkcs11.c
|
||||
--- ./lib/softoken/pkcs11.c.ike_fix 2019-11-04 10:15:08.022176945 -0800
|
||||
+++ ./lib/softoken/pkcs11.c 2019-11-04 10:17:35.396733750 -0800
|
||||
@@ -330,7 +330,7 @@ static const struct mechanismList mechan
|
||||
{ CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
||||
{ CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
||||
{ CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
|
||||
- { CKM_AES_XCBC_MAC_96, { 16, 16, CKF_SN_VR }, PR_TRUE },
|
||||
+ { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE },
|
||||
{ CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
|
||||
/* ------------------------- Camellia Operations --------------------- */
|
||||
{ CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
|
||||
@@ -518,7 +518,8 @@ static const struct mechanismList mechan
|
||||
/* --------------------IPSEC ----------------------- */
|
||||
{ CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
|
||||
{ CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
|
||||
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
|
||||
+ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
|
||||
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
|
||||
};
|
||||
static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
|
||||
|
7
nss.spec
7
nss.spec
@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}
|
||||
@ -105,6 +105,8 @@ Patch2: nss-539183.patch
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||
# but it doesn't hurt to keep it.
|
||||
Patch4: iquote.patch
|
||||
# add missing ike mechanism to softoken
|
||||
Patch10: nss-3.47-ike-fix.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
@ -870,6 +872,9 @@ update-crypto-policies &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 7 2019 Bob Relyea <rrelyea@redhat.com> - 3.47.0-3
|
||||
- Include ike mechanism fix
|
||||
|
||||
* Wed Oct 23 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-2
|
||||
- Install cmac.h required by blapi.h (#1764513)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user