diff --git a/SOURCES/nss-3.53-fix-private_key_mac.patch b/SOURCES/nss-3.53-fix-private_key_mac.patch
deleted file mode 100644
index 60df7d5..0000000
--- a/SOURCES/nss-3.53-fix-private_key_mac.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
---- a/lib/softoken/sftkpwd.c
-+++ b/lib/softoken/sftkpwd.c
-@@ -277,17 +277,19 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
- *plain = nsspkcs5_CipherData(cipherValue.param, passKey, &cipherValue.value,
- PR_FALSE, NULL);
- if (*plain == NULL) {
- rv = SECFailure;
- goto loser;
- }
- 
- /* If we are using aes 256, we need to check authentication as well.*/
-- if ((type != CKT_INVALID_TYPE) && (cipherValue.alg == SEC_OID_AES_256_CBC)) {
-+ if ((type != CKT_INVALID_TYPE) &&
-+ (cipherValue.alg == SEC_OID_PKCS5_PBES2) &&
-+ (cipherValue.param->encAlg == SEC_OID_AES_256_CBC)) {
- SECItem signature;
- unsigned char signData[SDB_MAX_META_DATA_LEN];
- 
- /* if we get here from the old legacy db, there is clearly an
- * error, don't return the plaintext */
- if (handle == NULL) {
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-@@ -299,17 +301,27 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
- rv = sftkdb_GetAttributeSignature(handle, handle, id, type,
- &signature);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, type,
- *plain, &signature);
- if (rv != SECSuccess) {
-- goto loser;
-+ /* handle a bug where old versions of NSS misfiled the signature
-+ * attribute on password update */
-+ id |= SFTK_KEYDB_TYPE|SFTK_TOKEN_TYPE;
-+ signature.len = sizeof(signData);
-+ rv = sftkdb_GetAttributeSignature(handle, handle, id, type,
-+ &signature);
-+ if (rv != SECSuccess) {
-+ goto loser;
-+ }
-+ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE,
-+ type, *plain, &signature);
- }
- }
- 
- loser:
- if (cipherValue.param) {
- nsspkcs5_DestroyPBEParameter(cipherValue.param);
- }
- if (cipherValue.arena) {
-@@ -1186,16 +1198,17 @@ sftk_updateEncrypted(PLArenaPool *arena,
- };
- const CK_ULONG privAttrCount = sizeof(privAttrTypes) / sizeof(privAttrTypes[0]);
- 
- // We don't know what attributes this object has, so we update them one at a
- // time.
- unsigned int i;
- for (i = 0; i < privAttrCount; i++) {
- // Read the old attribute in the clear.
-+ CK_OBJECT_HANDLE sdbId = id & SFTK_OBJ_ID_MASK;
- CK_ATTRIBUTE privAttr = { privAttrTypes[i], NULL, 0 };
- CK_RV crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1);
- if (crv != CKR_OK) {
- continue;
- }
- if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) {
- continue;
- }
-@@ -1210,30 +1223,29 @@ sftk_updateEncrypted(PLArenaPool *arena,
- if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) {
- return CKR_GENERAL_ERROR;
- }
- SECItem plainText;
- SECItem *result;
- plainText.data = privAttr.pValue;
- plainText.len = privAttr.ulValueLen;
- if (sftkdb_EncryptAttribute(arena, keydb, keydb->db, newKey,
-- iterationCount, id, privAttr.type,
-+ iterationCount, sdbId, privAttr.type,
- &plainText, &result) != SECSuccess) {
- return CKR_GENERAL_ERROR;
- }
- privAttr.pValue = result->data;
- privAttr.ulValueLen = result->len;
- // Clear sensitive data.
- PORT_Memset(plainText.data, 0, plainText.len);
- 
- // Write the newly encrypted attributes out directly.
-- CK_OBJECT_HANDLE newId = id & SFTK_OBJ_ID_MASK;
- keydb->newKey = newKey;
- keydb->newDefaultIterationCount = iterationCount;
-- crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, newId, &privAttr, 1);
-+ crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, sdbId, &privAttr, 1);
- keydb->newKey = NULL;
- if (crv != CKR_OK) {
- return crv;
- }
- }
- 
- return CKR_OK;
- }
diff --git a/SOURCES/nss-3.67-fix-private-key-mac.patch b/SOURCES/nss-3.67-fix-private-key-mac.patch
new file mode 100644
index 0000000..d211940
--- /dev/null
+++ b/SOURCES/nss-3.67-fix-private-key-mac.patch
@@ -0,0 +1,81 @@
+diff -up ./lib/softoken/sftkpwd.c.orig ./lib/softoken/sftkpwd.c
+--- ./lib/softoken/sftkpwd.c.orig 2021-06-10 05:33:12.000000000 -0700
++++ ./lib/softoken/sftkpwd.c 2021-07-01 14:04:34.068596942 -0700
+@@ -287,9 +287,12 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
+ }
+ 
+ /* If we are using aes 256, we need to check authentication as well.*/
+- if ((type != CKT_INVALID_TYPE) && (cipherValue.alg == SEC_OID_AES_256_CBC)) {
++ if ((type != CKT_INVALID_TYPE) &&
++ (cipherValue.alg == SEC_OID_PKCS5_PBES2) &&
++ (cipherValue.param->encAlg == SEC_OID_AES_256_CBC)) {
+ SECItem signature;
+ unsigned char signData[SDB_MAX_META_DATA_LEN];
++ CK_RV crv;
+ 
+ /* if we get here from the old legacy db, there is clearly an
+ * error, don't return the plaintext */
+@@ -301,15 +304,28 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
+ 
+ signature.data = signData;
+ signature.len = sizeof(signData);
+- rv = sftkdb_GetAttributeSignature(handle, handle, id, type,
++ rv = SECFailure;
++ /* sign sftkdb_GetAttriibuteSignature returns a crv, not an rv */
++ crv = sftkdb_GetAttributeSignature(handle, handle, id, type,
+ &signature);
+- if (rv != SECSuccess) {
+- goto loser;
++ if (crv == CKR_OK) {
++ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE,
++ type, *plain, &signature);
+ }
+- rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, type,
+- *plain, &signature);
+ if (rv != SECSuccess) {
+- goto loser;
++ /* handle a bug where old versions of NSS misfiled the signature
++ * attribute on password update */
++ id |= SFTK_KEYDB_TYPE|SFTK_TOKEN_TYPE;
++ signature.len = sizeof(signData);
++ crv = sftkdb_GetAttributeSignature(handle, handle, id, type,
++ &signature);
++ if (crv != CKR_OK) {
++ rv = SECFailure;
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ goto loser;
++ }
++ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE,
++ type, *plain, &signature);
+ }
+ }
+ 
+@@ -1198,6 +1214,7 @@ sftk_updateEncrypted(PLArenaPool *arena,
+ unsigned int i;
+ for (i = 0; i < privAttrCount; i++) {
+ // Read the old attribute in the clear.
++ CK_OBJECT_HANDLE sdbId = id & SFTK_OBJ_ID_MASK;
+ CK_ATTRIBUTE privAttr = { privAttrTypes[i], NULL, 0 };
+ CK_RV crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1);
+ if (crv != CKR_OK) {
+@@ -1222,7 +1239,7 @@ sftk_updateEncrypted(PLArenaPool *arena,
+ plainText.data = privAttr.pValue;
+ plainText.len = privAttr.ulValueLen;
+ if (sftkdb_EncryptAttribute(arena, keydb, keydb->db, newKey,
+- iterationCount, id, privAttr.type,
++ iterationCount, sdbId, privAttr.type,
+ &plainText, &result) != SECSuccess) {
+ return CKR_GENERAL_ERROR;
+ }
+@@ -1232,10 +1249,9 @@ sftk_updateEncrypted(PLArenaPool *arena,
+ PORT_Memset(plainText.data, 0, plainText.len);
+ 
+ // Write the newly encrypted attributes out directly.
+- CK_OBJECT_HANDLE newId = id & SFTK_OBJ_ID_MASK;
+ keydb->newKey = newKey;
+ keydb->newDefaultIterationCount = iterationCount;
+- crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, newId, &privAttr, 1);
++ crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, sdbId, &privAttr, 1);
+ keydb->newKey = NULL;
+ if (crv != CKR_OK) {
+ return crv;
diff --git a/SOURCES/nss-3.67-fix-ssl-alerts.patch b/SOURCES/nss-3.67-fix-ssl-alerts.patch
new file mode 100644
index 0000000..10cdaf5
--- /dev/null
+++ b/SOURCES/nss-3.67-fix-ssl-alerts.patch
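Review bot: The comment `/* sign sftkdb_GetAttriibuteSignature returns a crv, not an rv */` in `sftkdb_DecryptAttribute` is garbled and does not say why `rv` is preset to `SECFailure` on the line above it; make it `/* sftkdb_GetAttributeSignature returns a CK_RV, not a SECStatus; preset rv so a failed lookup also takes the fallback below */`. The fallback comment `handle a bug where old versions of NSS misfiled the signature attribute on password update` should state what the retry does and does not relax: it only looks the MAC up under the id with `SFTK_KEYDB_TYPE|SFTK_TOKEN_TYPE` set, and the plaintext is still withheld unless one of the two signatures verifies, which is the property a reader of an authentication check needs spelled out. The retry also rewrites `id` in place, so any later use of the original value in this function (its body continues outside the hunk, including the `loser:` cleanup) would see the modified one — worth a one-line comment or a local copy. The `sdbId` change in `sftk_updateEncrypted` is what keeps new writes from misfiling the signature; that loop starts and ends outside the hunk.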
@@ -0,0 +1,122 @@
+diff -up ./lib/ssl/ssl3con.c.alert-fix ./lib/ssl/ssl3con.c
+--- ./lib/ssl/ssl3con.c.alert-fix 2021-06-10 05:33:12.000000000 -0700
++++ ./lib/ssl/ssl3con.c 2021-07-06 17:08:25.894018521 -0700
+@@ -4319,7 +4319,11 @@ ssl_SignatureSchemeValid(SSLSignatureSch
+ if (!ssl_IsSupportedSignatureScheme(scheme)) {
+ return PR_FALSE;
+ }
+- if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) {
++ /* if we are purposefully passed SEC_OID_UNKOWN, it means
++ * we not checking the scheme against a potential key, so skip
++ * the call */
++ if ((spkiOid != SEC_OID_UNKNOWN) &&
++ !ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) {
+ return PR_FALSE;
+ }
+ if (isTls13) {
+@@ -4517,7 +4521,8 @@ ssl_CheckSignatureSchemeConsistency(sslS
+ }
+ 
+ /* Verify that the signature scheme matches the signing key. */
+- if (!ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) {
++ if ((spkiOid == SEC_OID_UNKNOWN) ||
++ !ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) {
+ PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+ return SECFailure;
+ }
+@@ -4533,6 +4538,7 @@ ssl_CheckSignatureSchemeConsistency(sslS
+ PRBool
+ ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme)
+ {
++ PRBool isSupported = PR_FALSE;
+ switch (scheme) {
+ case ssl_sig_rsa_pkcs1_sha1:
+ case ssl_sig_rsa_pkcs1_sha256:
+@@ -4552,7 +4558,8 @@ ssl_IsSupportedSignatureScheme(SSLSignat
+ case ssl_sig_dsa_sha384:
+ case ssl_sig_dsa_sha512:
+ case ssl_sig_ecdsa_sha1:
+- return PR_TRUE;
++ isSupported = PR_TRUE;
++ break;
+ 
+ case ssl_sig_rsa_pkcs1_sha1md5:
+ case ssl_sig_none:
+@@ -4560,7 +4567,19 @@ ssl_IsSupportedSignatureScheme(SSLSignat
+ case ssl_sig_ed448:
+ return PR_FALSE;
+ }
+- return PR_FALSE;
++ if (isSupported) {
++ SECOidTag hashOID = ssl3_HashTypeToOID(ssl_SignatureSchemeToHashType(scheme));
++ PRUint32 policy;
++ const PRUint32 sigSchemePolicy=
++ NSS_USE_ALG_IN_SSL_KX|NSS_USE_ALG_IN_SIGNATURE;
++ /* check hash policy */
++ if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) &&
++ ((policy & sigSchemePolicy) != sigSchemePolicy)) {
++ return PR_FALSE;
++ }
++ /* check algorithm policy */
++ }
++ return isSupported;
+ }
+ 
+ PRBool
+@@ -6533,6 +6552,9 @@ ssl_PickSignatureScheme(sslSocket *ss,
+ }
+ 
+ spkiOid = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm);
++ if (spkiOid == SEC_OID_UNKNOWN) {
++ goto loser;
++ }
+ 
+ /* Now we have to search based on the key type. Go through our preferred
+ * schemes in order and find the first that can be used. */
+@@ -6547,6 +6569,7 @@ ssl_PickSignatureScheme(sslSocket *ss,
+ }
+ }
+ 
++loser:
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ return SECFailure;
+ }
+@@ -7700,7 +7723,8 @@ ssl_ParseSignatureSchemes(const sslSocke
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+- if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
++ if (ssl_SignatureSchemeValid((SSLSignatureScheme)tmp, SEC_OID_UNKNOWN,
++ (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) {;
+ schemes[numSupported++] = (SSLSignatureScheme)tmp;
+ }
+ }
+@@ -10286,7 +10310,12 @@ ssl3_HandleCertificateVerify(sslSocket *
+ PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record);
+ rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
+ if (rv != SECSuccess) {
+- goto loser; /* malformed or unsupported. */
++ errCode = PORT_GetError();
++ /* unsupported == illegal_parameter, others == handshake_failure. */
++ if (errCode == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) {
++ desc = illegal_parameter;
++ }
++ goto alert_loser;
+ }
+ rv = ssl_CheckSignatureSchemeConsistency(
+ ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo);
+diff -up ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix ./gtests/ssl_gtest/ssl_extension_unittest.cc
+--- ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix 2021-07-07 11:32:11.634376932 -0700
++++ ./gtests/ssl_gtest/ssl_extension_unittest.cc 2021-07-07 11:33:30.595841110 -0700
+@@ -428,7 +428,10 @@ TEST_P(TlsExtensionTest12Plus, Signature
+ }
+ 
+ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) {
+- const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00}; // sha-256, rsa
++ // make sure the test uses an algorithm that is legal for
++ // tls 1.3 (or tls 1.3 will through and illegalParameter
++ // instead of a decode error)
++ const uint8_t val[] = {0x00, 0x02, 0x08, 0x09, 0x00}; // sha-256, rsa-pss-pss
+ DataBuffer extension(val, sizeof(val));
+ ClientHelloErrorTest(std::make_shared(
+ client_, ssl_signature_algorithms_xtn, extension));
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 1cef870..f4b6b5d 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -47,7 +47,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary: Network Security Services
 Name: nss
 Version: %{nss_version}
-Release: 4%{?dist}
+Release: 6%{?dist}
 License: MPLv2.0
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Requires: nspr >= %{nspr_version}
@@ -144,7 +144,7 @@ Patch50: nss-3.66-restore-old-pkcs12-default.patch
 # Need upstream bug
 Patch219: nss-3.44-kbkdf-coverity.patch
 # no upsteam bug yet
-Patch225: nss-3.53-fix-private_key_mac.patch
+Patch225: nss-3.67-fix-private-key-mac.patch
 # no upstream bug yet
 Patch229: nss-3.53.1-measure-fix.patch
 # no upstream bug yet
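Review bot: In `ssl_IsSupportedSignatureScheme` the new policy gate only rejects a scheme when `NSS_GetAlgorithmPolicy(hashOID, &policy)` succeeds and the required bits are missing, so a hash OID the policy table cannot answer for is reported as supported; if that fail-open is intended for the schemes listed in the switch, say so in the `/* check hash policy */` comment, and either complete or delete the dangling `/* check algorithm policy */` comment that precedes no code. In `ssl_ParseSignatureSchemes` the cast in `(PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) {;` applies to `ss->version` alone and the line ends in a stray `;`; write `(PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3))) {` so the intent is unambiguous (it is presumably harmless today only because PRBool is an int-sized type). `SEC_OID_UNKNOWN` now carries two meanings — "skip the key match" in `ssl_SignatureSchemeValid` and "reject" in `ssl_CheckSignatureSchemeConsistency` — so the comment above the `spkiOid != SEC_OID_UNKNOWN` test should name the caller that passes it deliberately and have its `SEC_OID_UNKOWN` / `we not checking` typos fixed. The `desc` default that `goto alert_loser` relies on in `ssl3_HandleCertificateVerify` is set outside the hunk, as are the starts and ends of every function touched here.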
@@ -155,7 +155,8 @@ Patch232: nss-3.66-fix-gtest-parsing.patch
 Patch233: nss-3.67-fix-coverity-issues.patch
 # no upstream bug yet
 Patch234: nss-3.67-fix-sdb-timeout.patch
-
+# no upstream bug yet
+Patch235: nss-3.67-fix-ssl-alerts.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -927,6 +928,13 @@ update-crypto-policies --no-reload &> /dev/null || : %changelog
+* Tue Jul 6 2021 Bob Relyea - 3.67.0-6
+- Fix ssl alert issue
+
+* Thu Jul 1 2021 Bob Relyea - 3.67.0-5
+- Fix issue with reading databases that were updated using
+ unpatched versions of nss
+
 * Tue Jun 29 2021 Bob Relyea - 3.67.0-4
 - Better fix for the sdb timeout. The issue wasn't a race, it was the sqlite timeout waiting to begin a transaction under heavy
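Review bot: `Patch235: nss-3.67-fix-ssl-alerts.patch` is declared here, but nothing in this diff applies it; unless `%prep` uses `%autopatch`/`%autosetup`, a matching `%patch235 -p0 -b .alert-fix` line is needed, otherwise the TLS alert fix ships declared but unapplied with no build error to show for it. The patch's paths are of the `./lib/ssl/...` form, so `-p0` (or `-p1`) is the right strip level. `%prep` is outside this hunk, so this is a point to confirm rather than a definite omission.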