1 files changed, 74 insertions, 0 deletions
diff --git a/backport-0002-CVE-2020-12403.patch b/backport-0002-CVE-2020-12403.patch
new file mode 100644
index 0000000..a56ab51
--- /dev/null
+++ b/backport-0002-CVE-2020-12403.patch
@@ -0,0 +1,74 @@
+
+# HG changeset patch
+# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
+# Date 1595031218 0
+# Node ID c25adfdfab34ddb08d3262aac3242e3399de1095
+# Parent  f282556e6cc7715f5754aeaadda6f902590e7e38
+Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D74801
+
+diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+@@ -40,28 +40,35 @@ class Pkcs11ChaCha20Poly1305Test
+     aead_params.ulNonceLen = iv_len;
+     aead_params.pAAD = toUcharPtr(aad);
+     aead_params.ulAADLen = aad_len;
+     aead_params.ulTagLen = 16;
+ 
+     SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                       sizeof(aead_params)};
+ 
+-    // Encrypt with bad parameters.
++    // Encrypt with bad parameters (TagLen is too long).
+     unsigned int encrypted_len = 0;
+     std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+     aead_params.ulTagLen = 158072;
+     SECStatus rv =
+         PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+                      &encrypted_len, encrypted.size(), data, data_len);
+     EXPECT_EQ(SECFailure, rv);
+     EXPECT_EQ(0U, encrypted_len);
+-    aead_params.ulTagLen = 16;
++
++    // Encrypt with bad parameters (TagLen is too short).
++    aead_params.ulTagLen = 2;
++    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
++                      &encrypted_len, encrypted.size(), data, data_len);
++    EXPECT_EQ(SECFailure, rv);
++    EXPECT_EQ(0U, encrypted_len);
+ 
+     // Encrypt.
++    aead_params.ulTagLen = 16;
+     rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+                       &encrypted_len, encrypted.size(), data, data_len);
+ 
+     // Return if encryption failure was expected due to invalid IV.
+     // Without valid ciphertext, all further tests can be skipped.
+     if (invalid_iv) {
+       EXPECT_EQ(rv, SECFailure);
+       EXPECT_EQ(0U, encrypted_len)
+diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
+--- a/nss/lib/freebl/chacha20poly1305.c
++++ b/nss/lib/freebl/chacha20poly1305.c
+@@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol
+ {
+ #ifdef NSS_DISABLE_CHACHAPOLY
+     return SECFailure;
+ #else
+     if (keyLen != 32) {
+         PORT_SetError(SEC_ERROR_BAD_KEY);
+         return SECFailure;
+     }
+-    if (tagLen == 0 || tagLen > 16) {
++    if (tagLen != 16) {
+         PORT_SetError(SEC_ERROR_INPUT_LEN);
+         return SECFailure;
+     }
+ 
+     PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
+     ctx->tagLen = tagLen;
+ 
+     return SECSuccess;
+