diff --git a/SOURCES/nss-3.44-encrypt-update.patch b/SOURCES/nss-3.44-encrypt-update.patch
new file mode 100644
index 0000000..0c2441a
--- /dev/null
+++ b/SOURCES/nss-3.44-encrypt-update.patch
@@ -0,0 +1,21 @@
+# HG changeset patch
+# User Craig Disselkoen
+# Date 1574189697 25200
+# Tue Nov 19 11:54:57 2019 -0700
+# Branch NSS_3_44_BRANCH
+# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
+# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
+Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
+
+diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
+--- a/lib/softoken/pkcs11c.c
++++ b/lib/softoken/pkcs11c.c
+@@ -1321,7 +1321,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
+ }
+ /* encrypt the current padded data */
+ rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+- &padoutlen, context->blockSize, context->padBuf,
++ &padoutlen, maxout, context->padBuf,
+ context->blockSize);
+ if (rv != SECSuccess) {
+ return sftk_MapCryptError(PORT_GetError());
diff --git a/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch b/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch
new file mode 100644
index 0000000..6902529
--- /dev/null
+++ b/SOURCES/nss-softokn-3.44-handle-malformed-ecdh.patch
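Review bot: The new argument `maxout` is passed as the output capacity for the padded-block call `rv = (*context->update)(context->cipherInfo, pEncryptedPart, &padoutlen, maxout, ...)`, but the hunk does not show where `maxout` is computed or whether it has already been reduced by any bytes written to `pEncryptedPart` earlier in the function, so the backport should confirm that the 3.44 branch derives `maxout` from the caller-supplied output length exactly as the upstream change assumes. The enclosing `NSC_EncryptUpdate` starts and ends outside the hunk. A one-line comment above the call, `/* bound the write by the caller's remaining output space, not by the cipher block size */`, would record why `maxout` replaces `context->blockSize` for the next reader of this branch.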
@@ -0,0 +1,45 @@
+diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
+--- a/lib/freebl/ec.c
++++ b/lib/freebl/ec.c
+@@ -202,8 +202,8 @@
+ #endif
+ MP_DIGITS(&k) = 0;
+ 
+- if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) ||
+- !ecParams->name) {
++ if (!ecParams || ecParams->name == ECCurve_noName ||
++ !privKey || !privKeyBytes || privKeyLen <= 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -391,7 +391,7 @@
+ int len;
+ unsigned char *privKeyBytes = NULL;
+ 
+- if (!ecParams) {
++ if (!ecParams || ecParams->name == ECCurve_noName || !privKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -430,7 +430,8 @@
+ mp_err err = MP_OKAY;
+ int len;
+ 
+- if (!ecParams || !publicValue || !ecParams->name) {
++ if (!ecParams || ecParams->name == ECCurve_noName ||
++ !publicValue || !publicValue->len) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+@@ -536,8 +537,9 @@
+ int i;
+ #endif
+ 
+- if (!publicValue || !ecParams || !privateValue || !derivedSecret ||
+- !ecParams->name) {
++ if (!publicValue || !publicValue->len ||
++ !ecParams || ecParams->name == ECCurve_noName ||
++ !privateValue || !privateValue->len || !derivedSecret) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
diff --git a/SOURCES/nss-softokn-tls-cavs.patch b/SOURCES/nss-softokn-tls-cavs.patch
new file mode 100644
index 0000000..668846b
--- /dev/null
+++ b/SOURCES/nss-softokn-tls-cavs.patch
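Review bot: Unlike the two sibling patch files, this one carries no changeset header (author, date, node id or bug reference), so the backport cannot be traced from the SOURCES tree alone; the upstream bug URL that the spec attaches to Patch205 should be mirrored at the top of the patch so the two stay in sync. On the content, the added `!publicValue->len` and `!privateValue->len` checks reject empty SECItems but do not verify that `data` is non-NULL when `len` is non-zero, nor that `len` matches the curve's expected encoding; if those checks exist later in these functions they are outside the hunk, so it is worth confirming on the 3.44 branch rather than assuming. The inner `@@` headers carry no function context, which makes it harder to see which four functions are being hardened; all four enclosing functions start and end outside the hunk.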
@@ -0,0 +1,72 @@
+# HG changeset patch
+# User Tomas Mraz
+# Date 1560861770 -7200
+# Tue Jun 18 14:42:50 2019 +0200
+# Node ID 8c4e73e0bab6c2282e672dccad5e45bc171bc3fc
+# Parent 313dfef345bd93bc67982249bffa2cfdd5a9d1b5
+fipstest: fix CKM_TLS12_MASTER_KEY_DERIVE usage in TLS test
+
+diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
+--- a/cmd/fipstest/fipstest.c
++++ b/cmd/fipstest/fipstest.c
+@@ -6669,12 +6669,13 @@ tls(char *reqfn)
+ 
+ CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 };
+ CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 };
+- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
+- CK_SSL3_KEY_MAT_PARAMS key_block_params;
++ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
++ CK_TLS12_KEY_MAT_PARAMS key_block_params;
+ CK_SSL3_KEY_MAT_OUT key_material;
+ CK_RV crv;
+ 
+ /* set up PKCS #11 parameters */
++ master_params.prfHashMechanism = CKM_SHA256;
+ master_params.pVersion = NULL;
+ master_params.RandomInfo.pClientRandom = clientHello_random;
+ master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
+@@ -6682,6 +6683,7 @@ tls(char *reqfn)
+ master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
+ master_mech.pParameter = (void *)&master_params;
+ master_mech.ulParameterLen = sizeof(master_params);
++ key_block_params.prfHashMechanism = CKM_SHA256;
+ key_block_params.ulMacSizeInBits = 0;
+ key_block_params.ulKeySizeInBits = 0;
+ key_block_params.ulIVSizeInBits = 0;
+@@ -6726,11 +6728,32 @@ tls(char *reqfn)
+ if (buf[7] == '0') {
+ master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
+ key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
++ master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
++ key_block_mech.ulParameterLen = sizeof(CK_SSL3_KEY_MAT_PARAMS);
+ } else if (buf[7] == '2') {
+- master_mech.mechanism =
+- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
+- key_block_mech.mechanism =
+- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
++ if (strncmp(&buf[10], "SHA-1", 5) == 0) {
++ master_params.prfHashMechanism = CKM_SHA_1;
++ key_block_params.prfHashMechanism = CKM_SHA_1;
++ } else if (strncmp(&buf[10], "SHA-224", 7) == 0) {
++ master_params.prfHashMechanism = CKM_SHA224;
++ key_block_params.prfHashMechanism = CKM_SHA224;
++ } else if (strncmp(&buf[10], "SHA-256", 7) == 0) {
++ master_params.prfHashMechanism = CKM_SHA256;
++ key_block_params.prfHashMechanism = CKM_SHA256;
++ } else if (strncmp(&buf[10], "SHA-384", 7)== 0) {
++ master_params.prfHashMechanism = CKM_SHA384;
++ key_block_params.prfHashMechanism = CKM_SHA384;
++ } else if (strncmp(&buf[10], "SHA-512", 7) == 0) {
++ master_params.prfHashMechanism = CKM_SHA512;
++ key_block_params.prfHashMechanism = CKM_SHA512;
++ } else {
++ fprintf(tlsresp, "ERROR: Unable to find prf Hash type");
++ goto loser;
++ }
++ master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE;
++ key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
++ master_mech.ulParameterLen = sizeof(master_params);
++ key_block_mech.ulParameterLen = sizeof(key_block_params);
+ } else {
+ fprintf(stderr, "Unknown TLS type %x\n",
+ (unsigned int)buf[0]);
diff --git a/SPECS/nss-softokn.spec b/SPECS/nss-softokn.spec
index c753ac1..313a17e 100644
--- a/SPECS/nss-softokn.spec
+++ b/SPECS/nss-softokn.spec
@@ -40,7 +40,7 @@ rpm.define(string.format("nss_softokn_archive_version %s",
 Summary: Network Security Services Softoken Module
 Name: nss-softokn
 Version: %{nss_softokn_version}
-Release: 5%{?dist}
+Release: 8%{?dist}
 License: MPLv2.0
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Group: System Environment/Libraries
@@ -109,6 +109,12 @@ Patch200: nss-softokn-ike-patch.patch
 Patch201: nss-softokn-fips-update.patch
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
 Patch202: nss-softokn-fix-public-key-from-priv.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1559906
+Patch203: nss-softokn-tls-cavs.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
+Patch204: nss-3.44-encrypt-update.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1515342
+Patch205: nss-softokn-3.44-handle-malformed-ecdh.patch
 %description
 Network Security Services Softoken Cryptographic Module
@@ -171,6 +177,9 @@ pushd nss
 #%patch105 -p1 -b .aes-zeroize
 %patch200 -p1 -b .ike-mech
 %patch201 -p1 -b .fips-update
+%patch203 -p1 -b .tls-cavs
+%patch204 -p1 -b .encrypt-update
+%patch205 -p1 -b .handle-malformed-ecdh
 popd
 %patch202 -p1 -b .pub-priv-mech
@@ -500,6 +509,15 @@ done
 %{_includedir}/nss3/shsign.h
 %changelog
+* Wed Dec 4 2019 Bob Relyea - 3.44.0-8
+- Fix segfault on empty or malformed ecdh keys (#1777712)
+
+* Wed Dec 4 2019 Bob Relyea - 3.44.0-7
+- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)
+
+* Tue Jun 18 2019 Daiki Ueno - 3.44.0-6
+- Fix fipstest to use the standard mechanism for TLS 1.2 PRF
+
+* Wed Jun 5 2019 Bob Relyea - 3.44.0-5
 - Add pub from priv mechanism