Diffstat (limited to 'backport-0001-CVE-2020-12403.patch')
-rw-r--r--backport-0001-CVE-2020-12403.patch96
1 files changed, 96 insertions, 0 deletions
diff --git a/backport-0001-CVE-2020-12403.patch b/backport-0001-CVE-2020-12403.patch
new file mode 100644
index 0000000..efe6e77
--- /dev/null
+++ b/backport-0001-CVE-2020-12403.patch
@@ -0,0 +1,96 @@
+
+# HG changeset patch
+# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
+# Date 1595031194 0
+# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
+# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325
+Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
+
+Depends on D74801
+
+Differential Revision: https://phabricator.services.mozilla.com/D83994
+
+diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
+ ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
+
+ PK11_FreeSymKey(key);
+ PK11_FreeSlot(slot);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ NSS_ShutdownContext(globalctx);
+ }
+
++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
++ PK11SlotInfo* slot;
++ PK11SymKey* key;
++ PK11Context* ctx;
++
++ NSSInitContext* globalctx =
++ NSS_InitContext("", "", "", "", NULL,
++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
++
++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
++
++ slot = PK11_GetInternalSlot();
++ ASSERT_TRUE(slot);
++
++ // Use arbitrary bytes for the ChaCha20 key and IV
++ uint8_t key_bytes[32];
++ for (size_t i = 0; i < 32; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem keyItem = {siBuffer, key_bytes, 32};
++
++ uint8_t iv_bytes[16];
++ for (size_t i = 0; i < 16; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem ivItem = {siBuffer, iv_bytes, 16};
++
++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
++
++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
++ &keyItem, NULL);
++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
++ ASSERT_TRUE(key);
++ ASSERT_TRUE(ctx);
++
++ uint8_t outbuf[128];
++ // This is supposed to fail for Chacha20. This is because the underlying
++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
++ // which multi-part is disabled for ChaCha20 in counter mode.
++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
++
++ PK11_FreeSymKey(key);
++ PK11_FreeSlot(slot);
++ SECITEM_FreeItem(param, PR_TRUE);
++ PK11_DestroyContext(ctx, PR_TRUE);
++ NSS_ShutdownContext(globalctx);
++}
++
+ } // namespace nss_test
+diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c
+--- a/nss/lib/softoken/pkcs11c.c
++++ b/nss/lib/softoken/pkcs11c.c
+@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
+
+ case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
+ case CKM_CHACHA20: /* PKCS #11 v3 version */
+ {
+ unsigned char *counter;
+ unsigned char *nonce;
+ unsigned long counter_len;
+ unsigned long nonce_len;
++ context->multi = PR_FALSE;
+ if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
+ if (key_type != CKK_NSS_CHACHA20) {
+ crv = CKR_KEY_TYPE_INCONSISTENT;
+ break;
+ }
+ if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+
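Review bot: In the added test `SingleCtxMultipleUnalignedCipherOpsChaCha20`, the second fill loop assigns `key_bytes[i] = i;` where it should assign `iv_bytes[i] = i;`, so `iv_bytes` reaches `PK11_ParamFromIV` uninitialised and the loop only rewrites the first 16 key bytes with the same values. The test expects `SECFailure` from `GetBytes`, so the outcome probably does not depend on the IV, but a memory sanitizer or Valgrind run may report the read of indeterminate stack bytes. `param` is used without a check and `ASSERT_TRUE(key)` runs only after `key` has been passed to `PK11_CreateContextBySymKey`. Adding `ASSERT_TRUE(param);` and asserting `key` before creating the context would keep a setup failure from being mistaken for the expected `SECFailure`. The softoken change sets `context->multi = PR_FALSE;` for both `CKM_NSS_CHACHA20_CTR` and `CKM_CHACHA20`, yet the test exercises only the former, so the PKCS #11 v3 mechanism path has no regression coverage here.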