dev-libs/nss/files/nss-3.44-CVE-2020-12403-set2.patch - third_party/overlays/chromiumos-overlay - Git at Google


 # HG changeset patch
 # User Benjamin Beurdouche <bbeurdouche@mozilla.com>
 # Date 1595031218 0
 # Node ID c25adfdfab34ddb08d3262aac3242e3399de1095
 # Parent  f282556e6cc7715f5754aeaadda6f902590e7e38
 Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea

 Differential Revision: https://phabricator.services.mozilla.com/D74801

 diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
 index a041947..a92c28a 100644
 --- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
 +++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
 @@ -44,7 +44,15 @@ class Pkcs11ChaCha20Poly1305Test
      SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
                        sizeof(aead_params)};

 -    // Encrypt.
 +    // Encrypt with bad parameters (TagLen is too short).
 +    aead_params.ulTagLen = 2;
 +    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
 +                      &encrypted_len, encrypted.size(), data, data_len);
 +    EXPECT_EQ(SECFailure, rv);
 +    EXPECT_EQ(0U, encrypted_len);
 +
 +     // Encrypt.
 +    aead_params.ulTagLen = 16;
      unsigned int outputLen = 0;
      std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
      SECStatus rv = PK11_Encrypt(key.get(), kMech, &params, output.data(),

 diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
 --- a/lib/freebl/chacha20poly1305.c
 +++ b/lib/freebl/chacha20poly1305.c
 @@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol
  {
  #ifdef NSS_DISABLE_CHACHAPOLY
      return SECFailure;
  #else
      if (keyLen != 32) {
          PORT_SetError(SEC_ERROR_BAD_KEY);
          return SECFailure;
      }
 -    if (tagLen == 0 || tagLen > 16) {
 +    if (tagLen != 16) {
          PORT_SetError(SEC_ERROR_INPUT_LEN);
          return SECFailure;
      }

      PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
      ctx->tagLen = tagLen;

      return SECSuccess;

	# HG changeset patch
	# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
	# Date 1595031218 0
	# Node ID c25adfdfab34ddb08d3262aac3242e3399de1095
	# Parent f282556e6cc7715f5754aeaadda6f902590e7e38
	Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea

	Differential Revision: https://phabricator.services.mozilla.com/D74801

	diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
	index a041947..a92c28a 100644
	--- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
	+++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
	@@ -44,7 +44,15 @@ class Pkcs11ChaCha20Poly1305Test
	SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
	sizeof(aead_params)};

	- // Encrypt.
	+ // Encrypt with bad parameters (TagLen is too short).
	+ aead_params.ulTagLen = 2;
	+ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
	+ &encrypted_len, encrypted.size(), data, data_len);
	+ EXPECT_EQ(SECFailure, rv);
	+ EXPECT_EQ(0U, encrypted_len);
	+
	+ // Encrypt.
	+ aead_params.ulTagLen = 16;
	unsigned int outputLen = 0;
	std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
	SECStatus rv = PK11_Encrypt(key.get(), kMech, &params, output.data(),

	diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
	--- a/lib/freebl/chacha20poly1305.c
	+++ b/lib/freebl/chacha20poly1305.c
	@@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol
	{
	#ifdef NSS_DISABLE_CHACHAPOLY
	return SECFailure;
	#else
	if (keyLen != 32) {
	PORT_SetError(SEC_ERROR_BAD_KEY);
	return SECFailure;
	}
	- if (tagLen == 0 \|\| tagLen > 16) {
	+ if (tagLen != 16) {
	PORT_SetError(SEC_ERROR_INPUT_LEN);
	return SECFailure;
	}

	PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
	ctx->tagLen = tagLen;

	return SECSuccess;