nss: Fix CVE-2020-12403

Add patch for CVE-2020-12403 Link: https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> 2021-11-12 11:02:36 +0530
committer: Armin Kuster <akuster808@gmail.com> 2021-11-17 12:26:32 -0800
commit: bcf93614a0f89585360e534b4751220afe052013 (patch)
tree: 38c9f996fc6cac1b72c8a29406bb59a849b7b944
parent: 59bff77ad0b3a66417194670de25f60183a4f6bb (diff)
download: meta-openembedded-bcf93614a0f89585360e534b4751220afe052013.tar.gz
3 files changed, 147 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
new file mode 100644
index 000000000..a229a2d20
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
@@ -0,0 +1,65 @@
+From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:38 +0000
+Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
+ PKCS11. r=jcj,kjacobs,rrelyea
+Differential Revision: https://phabricator.services.mozilla.com/D74801
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
+ nss/lib/freebl/chacha20poly1305.c                       |  2 +-
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
+Comment: Refreshed path for whole patchset
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+index 41f9da71d6..3ea17678d9 100644
+--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
+     SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                       sizeof(aead_params)};
+ 
+-    // Encrypt with bad parameters.
+    // Encrypt with bad parameters (TagLen is too long).
+     unsigned int encrypted_len = 0;
+     std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+     aead_params.ulTagLen = 158072;
+@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
+                      &encrypted_len, encrypted.size(), data, data_len);
+     EXPECT_EQ(SECFailure, rv);
+     EXPECT_EQ(0U, encrypted_len);
+-    aead_params.ulTagLen = 16;
+
+    // Encrypt with bad parameters (TagLen is too short).
+    aead_params.ulTagLen = 2;
+    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+                      &encrypted_len, encrypted.size(), data, data_len);
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(0U, encrypted_len);
+ 
+     // Encrypt.
+    aead_params.ulTagLen = 16;
+     rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+                       &encrypted_len, encrypted.size(), data, data_len);
+ 
+diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
+index 970c6436da..5c294a9eaf 100644
+--- a/nss/lib/freebl/chacha20poly1305.c
+++ b/nss/lib/freebl/chacha20poly1305.c
+@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+         PORT_SetError(SEC_ERROR_BAD_KEY);
+         return SECFailure;
+     }
+-    if (tagLen == 0 || tagLen > 16) {
+    if (tagLen != 16) {
+         PORT_SetError(SEC_ERROR_INPUT_LEN);
+         return SECFailure;
+     }
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
new file mode 100644
index 000000000..7b093d0cd
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
@@ -0,0 +1,80 @@
+From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:14 +0000
+Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20.
+ r=kjacobs,rrelyea
+Depends on D74801
+Differential Revision: https://phabricator.services.mozilla.com/D83994
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++
+ nss/lib/softoken/pkcs11c.c                      |  1 +
+ 2 files changed, 50 insertions(+)
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45]
+Comment: Refreshed path for whole patchset and removed change for pkcs11c.c
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+index 38982fd885..700750cc90 100644
+--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
+   NSS_ShutdownContext(globalctx);
+ }
+ 
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+  PK11SlotInfo* slot;
+  PK11SymKey* key;
+  PK11Context* ctx;
+
+  NSSInitContext* globalctx =
+      NSS_InitContext("", "", "", "", NULL,
+                      NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+                          NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+  const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+  slot = PK11_GetInternalSlot();
+  ASSERT_TRUE(slot);
+
+  // Use arbitrary bytes for the ChaCha20 key and IV
+  uint8_t key_bytes[32];
+  for (size_t i = 0; i < 32; i++) {
+    key_bytes[i] = i;
+  }
+  SECItem keyItem = {siBuffer, key_bytes, 32};
+
+  uint8_t iv_bytes[16];
+  for (size_t i = 0; i < 16; i++) {
+    key_bytes[i] = i;
+  }
+  SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+  SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+  key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+                          &keyItem, NULL);
+  ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+  ASSERT_TRUE(key);
+  ASSERT_TRUE(ctx);
+
+  uint8_t outbuf[128];
+  // This is supposed to fail for Chacha20. This is because the underlying
+  // PK11_CipherOp operation is calling the C_EncryptUpdate function for
+  // which multi-part is disabled for ChaCha20 in counter mode.
+  ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+  PK11_FreeSymKey(key);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(param, PR_TRUE);
+  PK11_DestroyContext(ctx, PR_TRUE);
+  NSS_ShutdownContext(globalctx);
+}
+
+ }  // namespace nss_test
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index ac046ed0f..14f670c32 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -37,6 +37,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
           file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
           file://CVE-2020-12401.patch \
           file://CVE-2020-6829_12400.patch \
+           file://CVE-2020-12403_1.patch \
+           file://CVE-2020-12403_2.patch \
           "
 SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2021-11-12 11:02:36 +0530
committer	Armin Kuster <akuster808@gmail.com>	2021-11-17 12:26:32 -0800
commit	bcf93614a0f89585360e534b4751220afe052013 (patch)
tree	38c9f996fc6cac1b72c8a29406bb59a849b7b944
parent	59bff77ad0b3a66417194670de25f60183a4f6bb (diff)
download	meta-openembedded-bcf93614a0f89585360e534b4751220afe052013.tar.gz

diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch new file mode 100644 index 000000000..a229a2d20 --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_1.patch
@@ -0,0 +1,65 @@
		1	From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
		2	From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
		3	Date: Sat, 18 Jul 2020 00:13:38 +0000
		4	Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
		5	PKCS11. r=jcj,kjacobs,rrelyea
		6
		7	Differential Revision: https://phabricator.services.mozilla.com/D74801
		8
		9	--HG--
		10	extra : moz-landing-system : lando
		11	---
		12	nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc \| 11 +++++++++--
		13	nss/lib/freebl/chacha20poly1305.c \| 2 +-
		14	2 files changed, 10 insertions(+), 3 deletions(-)
		15
		16	CVE: CVE-2020-12403
		17	Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
		18	Comment: Refreshed path for whole patchset
		19	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
		20
		21	diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
		22	index 41f9da71d6..3ea17678d9 100644
		23	--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
		24	+++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
		25	@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
		26	SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
		27	sizeof(aead_params)};
		28
		29	- // Encrypt with bad parameters.
		30	+ // Encrypt with bad parameters (TagLen is too long).
		31	unsigned int encrypted_len = 0;
		32	std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
		33	aead_params.ulTagLen = 158072;
		34	@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
		35	&encrypted_len, encrypted.size(), data, data_len);
		36	EXPECT_EQ(SECFailure, rv);
		37	EXPECT_EQ(0U, encrypted_len);
		38	- aead_params.ulTagLen = 16;
		39	+
		40	+ // Encrypt with bad parameters (TagLen is too short).
		41	+ aead_params.ulTagLen = 2;
		42	+ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
		43	+ &encrypted_len, encrypted.size(), data, data_len);
		44	+ EXPECT_EQ(SECFailure, rv);
		45	+ EXPECT_EQ(0U, encrypted_len);
		46
		47	// Encrypt.
		48	+ aead_params.ulTagLen = 16;
		49	rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
		50	&encrypted_len, encrypted.size(), data, data_len);
		51
		52	diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
		53	index 970c6436da..5c294a9eaf 100644
		54	--- a/nss/lib/freebl/chacha20poly1305.c
		55	+++ b/nss/lib/freebl/chacha20poly1305.c
		56	@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
		57	PORT_SetError(SEC_ERROR_BAD_KEY);
		58	return SECFailure;
		59	}
		60	- if (tagLen == 0 \|\| tagLen > 16) {
		61	+ if (tagLen != 16) {
		62	PORT_SetError(SEC_ERROR_INPUT_LEN);
		63	return SECFailure;
		64	}
		65


diff --git a/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch new file mode 100644 index 000000000..7b093d0cd --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/CVE-2020-12403_2.patch
@@ -0,0 +1,80 @@
		1	From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001
		2	From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
		3	Date: Sat, 18 Jul 2020 00:13:14 +0000
		4	Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20.
		5	r=kjacobs,rrelyea
		6
		7	Depends on D74801
		8
		9	Differential Revision: https://phabricator.services.mozilla.com/D83994
		10
		11	--HG--
		12	extra : moz-landing-system : lando
		13	---
		14	nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc \| 49 +++++++++++++++++++++
		15	nss/lib/softoken/pkcs11c.c \| 1 +
		16	2 files changed, 50 insertions(+)
		17
		18	CVE: CVE-2020-12403
		19	Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45]
		20	Comment: Refreshed path for whole patchset and removed change for pkcs11c.c
		21	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
		22
		23	diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
		24	index 38982fd885..700750cc90 100644
		25	--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
		26	+++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
		27	@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
		28	NSS_ShutdownContext(globalctx);
		29	}
		30
		31	+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
		32	+ PK11SlotInfo* slot;
		33	+ PK11SymKey* key;
		34	+ PK11Context* ctx;
		35	+
		36	+ NSSInitContext* globalctx =
		37	+ NSS_InitContext("", "", "", "", NULL,
		38	+ NSS_INIT_READONLY \| NSS_INIT_NOCERTDB \| NSS_INIT_NOMODDB \|
		39	+ NSS_INIT_FORCEOPEN \| NSS_INIT_NOROOTINIT);
		40	+
		41	+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
		42	+
		43	+ slot = PK11_GetInternalSlot();
		44	+ ASSERT_TRUE(slot);
		45	+
		46	+ // Use arbitrary bytes for the ChaCha20 key and IV
		47	+ uint8_t key_bytes[32];
		48	+ for (size_t i = 0; i < 32; i++) {
		49	+ key_bytes[i] = i;
		50	+ }
		51	+ SECItem keyItem = {siBuffer, key_bytes, 32};
		52	+
		53	+ uint8_t iv_bytes[16];
		54	+ for (size_t i = 0; i < 16; i++) {
		55	+ key_bytes[i] = i;
		56	+ }
		57	+ SECItem ivItem = {siBuffer, iv_bytes, 16};
		58	+
		59	+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
		60	+
		61	+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
		62	+ &keyItem, NULL);
		63	+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
		64	+ ASSERT_TRUE(key);
		65	+ ASSERT_TRUE(ctx);
		66	+
		67	+ uint8_t outbuf[128];
		68	+ // This is supposed to fail for Chacha20. This is because the underlying
		69	+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
		70	+ // which multi-part is disabled for ChaCha20 in counter mode.
		71	+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
		72	+
		73	+ PK11_FreeSymKey(key);
		74	+ PK11_FreeSlot(slot);
		75	+ SECITEM_FreeItem(param, PR_TRUE);
		76	+ PK11_DestroyContext(ctx, PR_TRUE);
		77	+ NSS_ShutdownContext(globalctx);
		78	+}
		79	+
		80	} // namespace nss_test


diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb index ac046ed0f..14f670c32 100644 --- a/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -37,6 +37,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
37	file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \	37	file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
38	file://CVE-2020-12401.patch \	38	file://CVE-2020-12401.patch \
39	file://CVE-2020-6829_12400.patch \	39	file://CVE-2020-6829_12400.patch \
		40	file://CVE-2020-12403_1.patch \
		41	file://CVE-2020-12403_2.patch \
40	"	42	"
41		43
42	SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"	44	SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"