diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
commit | 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch) | |
tree | 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-support/nss | |
download | poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-support/nss')
15 files changed, 2396 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch new file mode 100644 index 0000000000..1a159c3934 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1739.patch | |||
@@ -0,0 +1,81 @@ | |||
1 | Upstream-Status: Backport | ||
2 | Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> | ||
3 | |||
4 | --- a/nss/lib/ssl/ssl3con.c | ||
5 | +++ b/nss/lib/ssl/ssl3con.c | ||
6 | @@ -10509,7 +10509,7 @@ ssl_RemoveSSLv3CBCPadding(sslBuffer *pla | ||
7 | /* SSLv3 padding bytes are random and cannot be checked. */ | ||
8 | t = plaintext->len; | ||
9 | t -= paddingLength+overhead; | ||
10 | - /* If len >= padding_length+overhead then the MSB of t is zero. */ | ||
11 | + /* If len >= paddingLength+overhead then the MSB of t is zero. */ | ||
12 | good = DUPLICATE_MSB_TO_ALL(~t); | ||
13 | /* SSLv3 requires that the padding is minimal. */ | ||
14 | t = blockSize - (paddingLength+1); | ||
15 | @@ -10742,7 +10742,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
16 | } | ||
17 | } | ||
18 | |||
19 | - good = (unsigned)-1; | ||
20 | + good = ~0U; | ||
21 | minLength = crSpec->mac_size; | ||
22 | if (cipher_def->type == type_block) { | ||
23 | /* CBC records have a padding length byte at the end. */ | ||
24 | @@ -10756,14 +10756,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
25 | /* We can perform this test in variable time because the record's total | ||
26 | * length and the ciphersuite are both public knowledge. */ | ||
27 | if (cText->buf->len < minLength) { | ||
28 | - SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.", | ||
29 | - SSL_GETPID(), ss->fd)); | ||
30 | - /* must not hold spec lock when calling SSL3_SendAlert. */ | ||
31 | - ssl_ReleaseSpecReadLock(ss); | ||
32 | - SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | ||
33 | - /* always log mac error, in case attacker can read server logs. */ | ||
34 | - PORT_SetError(SSL_ERROR_BAD_MAC_READ); | ||
35 | - return SECFailure; | ||
36 | + goto decrypt_loser; | ||
37 | } | ||
38 | |||
39 | if (cipher_def->type == type_block && | ||
40 | @@ -10831,11 +10824,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
41 | return SECFailure; | ||
42 | } | ||
43 | |||
44 | + if (cipher_def->type == type_block && | ||
45 | + ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) { | ||
46 | + goto decrypt_loser; | ||
47 | + } | ||
48 | + | ||
49 | /* decrypt from cText buf to plaintext. */ | ||
50 | rv = crSpec->decode( | ||
51 | crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, | ||
52 | plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen); | ||
53 | - good &= SECStatusToMask(rv); | ||
54 | + if (rv != SECSuccess) { | ||
55 | + goto decrypt_loser; | ||
56 | + } | ||
57 | |||
58 | PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); | ||
59 | |||
60 | @@ -10843,7 +10843,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
61 | |||
62 | /* If it's a block cipher, check and strip the padding. */ | ||
63 | if (cipher_def->type == type_block) { | ||
64 | - const unsigned int blockSize = cipher_def->iv_size; | ||
65 | + const unsigned int blockSize = cipher_def->block_size; | ||
66 | const unsigned int macSize = crSpec->mac_size; | ||
67 | |||
68 | if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) { | ||
69 | @@ -10899,10 +10899,11 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip | ||
70 | } | ||
71 | |||
72 | if (good == 0) { | ||
73 | +decrypt_loser: | ||
74 | /* must not hold spec lock when calling SSL3_SendAlert. */ | ||
75 | ssl_ReleaseSpecReadLock(ss); | ||
76 | |||
77 | - SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); | ||
78 | + SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); | ||
79 | |||
80 | if (!IS_DTLS(ss)) { | ||
81 | SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | ||
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1741.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1741.patch new file mode 100644 index 0000000000..21da0c03b5 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-1741.patch | |||
@@ -0,0 +1,92 @@ | |||
1 | Upstream-Status: backport | ||
2 | yanjun.zhu <yanjun.zhu@windriver.com> | ||
3 | --- a/nss/lib/util/secport.c | ||
4 | +++ b/nss/lib/util/secport.c | ||
5 | @@ -69,13 +69,22 @@ PORTCharConversionFunc ucs4Utf8ConvertFu | ||
6 | PORTCharConversionFunc ucs2Utf8ConvertFunc; | ||
7 | PORTCharConversionWSwapFunc ucs2AsciiConvertFunc; | ||
8 | |||
9 | +/* NSPR memory allocation functions (PR_Malloc, PR_Calloc, and PR_Realloc) | ||
10 | + * use the PRUint32 type for the size parameter. Before we pass a size_t or | ||
11 | + * unsigned long size to these functions, we need to ensure it is <= half of | ||
12 | + * the maximum PRUint32 value to avoid truncation and catch a negative size. | ||
13 | + */ | ||
14 | +#define MAX_SIZE (PR_UINT32_MAX >> 1) | ||
15 | + | ||
16 | void * | ||
17 | PORT_Alloc(size_t bytes) | ||
18 | { | ||
19 | - void *rv; | ||
20 | + void *rv = NULL; | ||
21 | |||
22 | - /* Always allocate a non-zero amount of bytes */ | ||
23 | - rv = (void *)PR_Malloc(bytes ? bytes : 1); | ||
24 | + if (bytes <= MAX_SIZE) { | ||
25 | + /* Always allocate a non-zero amount of bytes */ | ||
26 | + rv = PR_Malloc(bytes ? bytes : 1); | ||
27 | + } | ||
28 | if (!rv) { | ||
29 | ++port_allocFailures; | ||
30 | PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
31 | @@ -86,9 +95,11 @@ PORT_Alloc(size_t bytes) | ||
32 | void * | ||
33 | PORT_Realloc(void *oldptr, size_t bytes) | ||
34 | { | ||
35 | - void *rv; | ||
36 | + void *rv = NULL; | ||
37 | |||
38 | - rv = (void *)PR_Realloc(oldptr, bytes); | ||
39 | + if (bytes <= MAX_SIZE) { | ||
40 | + rv = PR_Realloc(oldptr, bytes); | ||
41 | + } | ||
42 | if (!rv) { | ||
43 | ++port_allocFailures; | ||
44 | PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
45 | @@ -99,10 +110,12 @@ PORT_Realloc(void *oldptr, size_t bytes) | ||
46 | void * | ||
47 | PORT_ZAlloc(size_t bytes) | ||
48 | { | ||
49 | - void *rv; | ||
50 | + void *rv = NULL; | ||
51 | |||
52 | - /* Always allocate a non-zero amount of bytes */ | ||
53 | - rv = (void *)PR_Calloc(1, bytes ? bytes : 1); | ||
54 | + if (bytes <= MAX_SIZE) { | ||
55 | + /* Always allocate a non-zero amount of bytes */ | ||
56 | + rv = PR_Calloc(1, bytes ? bytes : 1); | ||
57 | + } | ||
58 | if (!rv) { | ||
59 | ++port_allocFailures; | ||
60 | PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
61 | @@ -209,6 +222,10 @@ PORT_NewArena(unsigned long chunksize) | ||
62 | { | ||
63 | PORTArenaPool *pool; | ||
64 | |||
65 | + if (chunksize > MAX_SIZE) { | ||
66 | + PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
67 | + return NULL; | ||
68 | + } | ||
69 | pool = PORT_ZNew(PORTArenaPool); | ||
70 | if (!pool) { | ||
71 | return NULL; | ||
72 | @@ -224,8 +241,6 @@ PORT_NewArena(unsigned long chunksize) | ||
73 | return(&pool->arena); | ||
74 | } | ||
75 | |||
76 | -#define MAX_SIZE 0x7fffffffUL | ||
77 | - | ||
78 | void * | ||
79 | PORT_ArenaAlloc(PLArenaPool *arena, size_t size) | ||
80 | { | ||
81 | @@ -330,6 +345,11 @@ PORT_ArenaGrow(PLArenaPool *arena, void | ||
82 | PORTArenaPool *pool = (PORTArenaPool *)arena; | ||
83 | PORT_Assert(newsize >= oldsize); | ||
84 | |||
85 | + if (newsize > MAX_SIZE) { | ||
86 | + PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
87 | + return NULL; | ||
88 | + } | ||
89 | + | ||
90 | if (ARENAPOOL_MAGIC == pool->magic ) { | ||
91 | PZ_Lock(pool->lock); | ||
92 | /* Do we do a THREADMARK check here? */ | ||
diff --git a/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch new file mode 100644 index 0000000000..7203d02c78 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-3.15.1-fix-CVE-2013-5605.patch | |||
@@ -0,0 +1,18 @@ | |||
1 | signed-off-by: Ryan Sleevi <ryan.sleevi@gmail.com> | ||
2 | Upstream-Status: Backport | ||
3 | reference:https://hg.mozilla.org/projects/nss/rev/e79a09364b5e | ||
4 | |||
5 | --- a/nss/lib/ssl/ssl3con.c | ||
6 | +++ b/nss/lib/ssl/ssl3con.c | ||
7 | @@ -781,6 +781,11 @@ static SECStatus | ||
8 | Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, | ||
9 | const unsigned char *input, int inputLen) | ||
10 | { | ||
11 | + if (inputLen > maxOutputLen) { | ||
12 | + *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */ | ||
13 | + PORT_SetError(SEC_ERROR_OUTPUT_LEN); | ||
14 | + return SECFailure; | ||
15 | + } | ||
16 | *outputLen = inputLen; | ||
17 | if (input != output) | ||
18 | PORT_Memcpy(output, input, inputLen); | ||
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-1740.patch b/meta/recipes-support/nss/files/nss-CVE-2013-1740.patch new file mode 100644 index 0000000000..db3d6f9103 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2013-1740.patch | |||
@@ -0,0 +1,916 @@ | |||
1 | nss: CVE-2013-1740 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | the patch comes from: | ||
6 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 | ||
7 | https://bugzilla.mozilla.org/show_bug.cgi?id=919877 | ||
8 | https://bugzilla.mozilla.org/show_bug.cgi?id=713933 | ||
9 | |||
10 | changeset: 10946:f28426e944ae | ||
11 | user: Wan-Teh Chang <wtc@google.com> | ||
12 | date: Tue Nov 26 16:44:39 2013 -0800 | ||
13 | summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls | ||
14 | |||
15 | changeset: 10945:774c7dec7565 | ||
16 | user: Wan-Teh Chang <wtc@google.com> | ||
17 | date: Mon Nov 25 19:16:23 2013 -0800 | ||
18 | summary: Bug 713933: Declare the |falseStart| local variable in the smallest | ||
19 | |||
20 | changeset: 10848:141fae8fb2e8 | ||
21 | user: Wan-Teh Chang <wtc@google.com> | ||
22 | date: Mon Sep 23 11:25:41 2013 -0700 | ||
23 | summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org | ||
24 | |||
25 | changeset: 10898:1b9c43d28713 | ||
26 | user: Brian Smith <brian@briansmith.org> | ||
27 | date: Thu Oct 31 15:40:42 2013 -0700 | ||
28 | summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc | ||
29 | |||
30 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
31 | --- | ||
32 | nss/lib/ssl/ssl.def | 7 ++ | ||
33 | nss/lib/ssl/ssl.h | 54 +++++++++++--- | ||
34 | nss/lib/ssl/ssl3con.c | 188 +++++++++++++++++++++++++++++++++++------------ | ||
35 | nss/lib/ssl/ssl3gthr.c | 63 ++++++++++++---- | ||
36 | nss/lib/ssl/sslauth.c | 10 +-- | ||
37 | nss/lib/ssl/sslimpl.h | 22 +++++- | ||
38 | nss/lib/ssl/sslinfo.c | 10 +-- | ||
39 | nss/lib/ssl/sslreveal.c | 9 +-- | ||
40 | nss/lib/ssl/sslsecur.c | 139 ++++++++++++++++++++++++++++------- | ||
41 | nss/lib/ssl/sslsock.c | 12 ++- | ||
42 | 10 files changed, 386 insertions(+), 128 deletions(-) | ||
43 | |||
44 | diff --git a/nss/lib/ssl/ssl.def b/nss/lib/ssl/ssl.def | ||
45 | index fbf7fc5..e937bd4 100644 | ||
46 | --- a/nss/lib/ssl/ssl.def | ||
47 | +++ b/nss/lib/ssl/ssl.def | ||
48 | @@ -163,3 +163,10 @@ SSL_SetStapledOCSPResponses; | ||
49 | ;+ local: | ||
50 | ;+*; | ||
51 | ;+}; | ||
52 | +;+NSS_3.15.3 { # NSS 3.15.3 release | ||
53 | +;+ global: | ||
54 | +SSL_RecommendedCanFalseStart; | ||
55 | +SSL_SetCanFalseStartCallback; | ||
56 | +;+ local: | ||
57 | +;+*; | ||
58 | +;+}; | ||
59 | diff --git a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h | ||
60 | index 6db0e34..ddeaaef 100644 | ||
61 | --- a/nss/lib/ssl/ssl.h | ||
62 | +++ b/nss/lib/ssl/ssl.h | ||
63 | @@ -121,14 +121,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); | ||
64 | #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | ||
65 | /* default, applies only to */ | ||
66 | /* clients). False start is a */ | ||
67 | -/* mode where an SSL client will start sending application data before */ | ||
68 | -/* verifying the server's Finished message. This means that we could end up */ | ||
69 | -/* sending data to an imposter. However, the data will be encrypted and */ | ||
70 | -/* only the true server can derive the session key. Thus, so long as the */ | ||
71 | -/* cipher isn't broken this is safe. Because of this, False Start will only */ | ||
72 | -/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | ||
73 | -/* bits. The advantage of False Start is that it saves a round trip for */ | ||
74 | -/* client-speaks-first protocols when performing a full handshake. */ | ||
75 | +/* mode where an SSL client will start sending application data before | ||
76 | + * verifying the server's Finished message. This means that we could end up | ||
77 | + * sending data to an imposter. However, the data will be encrypted and | ||
78 | + * only the true server can derive the session key. Thus, so long as the | ||
79 | + * cipher isn't broken this is safe. The advantage of false start is that | ||
80 | + * it saves a round trip for client-speaks-first protocols when performing a | ||
81 | + * full handshake. | ||
82 | + * | ||
83 | + * In addition to enabling this option, the application must register a | ||
84 | + * callback using the SSL_SetCanFalseStartCallback function. | ||
85 | + */ | ||
86 | |||
87 | /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks | ||
88 | * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting | ||
89 | @@ -653,14 +656,45 @@ SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks); | ||
90 | SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); | ||
91 | |||
92 | /* | ||
93 | -** Set the callback on a particular socket that gets called when we finish | ||
94 | -** performing a handshake. | ||
95 | +** Set the callback that gets called when a TLS handshake is complete. The | ||
96 | +** handshake callback is called after verifying the peer's Finished message and | ||
97 | +** before processing incoming application data. | ||
98 | +** | ||
99 | +** For the initial handshake: If the handshake false started (see | ||
100 | +** SSL_ENABLE_FALSE_START), then application data may already have been sent | ||
101 | +** before the handshake callback is called. If we did not false start then the | ||
102 | +** callback will get called before any application data is sent. | ||
103 | */ | ||
104 | typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, | ||
105 | void *client_data); | ||
106 | SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, | ||
107 | SSLHandshakeCallback cb, void *client_data); | ||
108 | |||
109 | +/* Applications that wish to enable TLS false start must set this callback | ||
110 | +** function. NSS will invoke the functon to determine if a particular | ||
111 | +** connection should use false start or not. SECSuccess indicates that the | ||
112 | +** callback completed successfully, and if so *canFalseStart indicates if false | ||
113 | +** start can be used. If the callback does not return SECSuccess then the | ||
114 | +** handshake will be canceled. NSS's recommended criteria can be evaluated by | ||
115 | +** calling SSL_RecommendedCanFalseStart. | ||
116 | +** | ||
117 | +** If no false start callback is registered then false start will never be | ||
118 | +** done, even if the SSL_ENABLE_FALSE_START option is enabled. | ||
119 | +**/ | ||
120 | +typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)( | ||
121 | + PRFileDesc *fd, void *arg, PRBool *canFalseStart); | ||
122 | + | ||
123 | +SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback( | ||
124 | + PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg); | ||
125 | + | ||
126 | +/* This function sets *canFalseStart according to the recommended criteria for | ||
127 | +** false start. These criteria may change from release to release and may depend | ||
128 | +** on which handshake features have been negotiated and/or properties of the | ||
129 | +** certifciates/keys used on the connection. | ||
130 | +*/ | ||
131 | +SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd, | ||
132 | + PRBool *canFalseStart); | ||
133 | + | ||
134 | /* | ||
135 | ** For the server, request a new handshake. For the client, begin a new | ||
136 | ** handshake. If flushCache is non-zero, the SSL3 cache entry will be | ||
137 | diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c | ||
138 | index 61d24d9..f39ba09 100644 | ||
139 | --- a/nss/lib/ssl/ssl3con.c | ||
140 | +++ b/nss/lib/ssl/ssl3con.c | ||
141 | @@ -2535,7 +2535,7 @@ ssl3_SendRecord( sslSocket * ss, | ||
142 | SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", | ||
143 | SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type), | ||
144 | nIn)); | ||
145 | - PRINT_BUF(3, (ss, "Send record (plain text)", pIn, nIn)); | ||
146 | + PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn)); | ||
147 | |||
148 | PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | ||
149 | |||
150 | @@ -6674,36 +6674,73 @@ done: | ||
151 | return rv; | ||
152 | } | ||
153 | |||
154 | +static SECStatus | ||
155 | +ssl3_CheckFalseStart(sslSocket *ss) | ||
156 | +{ | ||
157 | + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | ||
158 | + PORT_Assert( !ss->ssl3.hs.authCertificatePending ); | ||
159 | + PORT_Assert( !ss->ssl3.hs.canFalseStart ); | ||
160 | + | ||
161 | + if (!ss->canFalseStartCallback) { | ||
162 | + SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start", | ||
163 | + SSL_GETPID(), ss->fd)); | ||
164 | + } else { | ||
165 | + PRBool maybeFalseStart; | ||
166 | + SECStatus rv; | ||
167 | + | ||
168 | + /* An attacker can control the selected ciphersuite so we only wish to | ||
169 | + * do False Start in the case that the selected ciphersuite is | ||
170 | + * sufficiently strong that the attack can gain no advantage. | ||
171 | + * Therefore we always require an 80-bit cipher. */ | ||
172 | + ssl_GetSpecReadLock(ss); | ||
173 | + maybeFalseStart = ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10; | ||
174 | + ssl_ReleaseSpecReadLock(ss); | ||
175 | + | ||
176 | + if (!maybeFalseStart) { | ||
177 | + SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher", | ||
178 | + SSL_GETPID(), ss->fd)); | ||
179 | + } else { | ||
180 | + rv = (ss->canFalseStartCallback)(ss->fd, | ||
181 | + ss->canFalseStartCallbackData, | ||
182 | + &ss->ssl3.hs.canFalseStart); | ||
183 | + if (rv == SECSuccess) { | ||
184 | + SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s", | ||
185 | + SSL_GETPID(), ss->fd, | ||
186 | + ss->ssl3.hs.canFalseStart ? "TRUE" : "FALSE")); | ||
187 | + } else { | ||
188 | + SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)", | ||
189 | + SSL_GETPID(), ss->fd, | ||
190 | + PR_ErrorToName(PR_GetError()))); | ||
191 | + } | ||
192 | + return rv; | ||
193 | + } | ||
194 | + } | ||
195 | + | ||
196 | + ss->ssl3.hs.canFalseStart = PR_FALSE; | ||
197 | + return SECSuccess; | ||
198 | +} | ||
199 | + | ||
200 | PRBool | ||
201 | -ssl3_CanFalseStart(sslSocket *ss) { | ||
202 | - PRBool rv; | ||
203 | +ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss) | ||
204 | +{ | ||
205 | + PRBool result = PR_FALSE; | ||
206 | |||
207 | PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | ||
208 | |||
209 | - /* XXX: does not take into account whether we are waiting for | ||
210 | - * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when | ||
211 | - * that is done, this function could return different results each time it | ||
212 | - * would be called. | ||
213 | - */ | ||
214 | + switch (ss->ssl3.hs.ws) { | ||
215 | + case wait_new_session_ticket: | ||
216 | + result = PR_TRUE; | ||
217 | + break; | ||
218 | + case wait_change_cipher: | ||
219 | + result = !ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn); | ||
220 | + break; | ||
221 | + case wait_finished: | ||
222 | + break; | ||
223 | + default: | ||
224 | + PR_NOT_REACHED("ssl3_WaitingForStartOfServerSecondRound"); | ||
225 | + } | ||
226 | |||
227 | - ssl_GetSpecReadLock(ss); | ||
228 | - rv = ss->opt.enableFalseStart && | ||
229 | - !ss->sec.isServer && | ||
230 | - !ss->ssl3.hs.isResuming && | ||
231 | - ss->ssl3.cwSpec && | ||
232 | - | ||
233 | - /* An attacker can control the selected ciphersuite so we only wish to | ||
234 | - * do False Start in the case that the selected ciphersuite is | ||
235 | - * sufficiently strong that the attack can gain no advantage. | ||
236 | - * Therefore we require an 80-bit cipher and a forward-secret key | ||
237 | - * exchange. */ | ||
238 | - ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | ||
239 | - (ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | ||
240 | - ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | ||
241 | - ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | ||
242 | - ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa); | ||
243 | - ssl_ReleaseSpecReadLock(ss); | ||
244 | - return rv; | ||
245 | + return result; | ||
246 | } | ||
247 | |||
248 | static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); | ||
249 | @@ -6785,6 +6822,9 @@ ssl3_SendClientSecondRound(sslSocket *ss) | ||
250 | } | ||
251 | if (ss->ssl3.hs.authCertificatePending && | ||
252 | (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) { | ||
253 | + SSL_TRC(3, ("%d: SSL3[%p]: deferring ssl3_SendClientSecondRound because" | ||
254 | + " certificate authentication is still pending.", | ||
255 | + SSL_GETPID(), ss->fd)); | ||
256 | ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound; | ||
257 | return SECWouldBlock; | ||
258 | } | ||
259 | @@ -6822,14 +6862,50 @@ ssl3_SendClientSecondRound(sslSocket *ss) | ||
260 | goto loser; /* err code was set. */ | ||
261 | } | ||
262 | |||
263 | - /* XXX: If the server's certificate hasn't been authenticated by this | ||
264 | - * point, then we may be leaking this NPN message to an attacker. | ||
265 | + /* This must be done after we've set ss->ssl3.cwSpec in | ||
266 | + * ssl3_SendChangeCipherSpecs because SSL_GetChannelInfo uses information | ||
267 | + * from cwSpec. This must be done before we call ssl3_CheckFalseStart | ||
268 | + * because the false start callback (if any) may need the information from | ||
269 | + * the functions that depend on this being set. | ||
270 | */ | ||
271 | + ss->enoughFirstHsDone = PR_TRUE; | ||
272 | + | ||
273 | if (!ss->firstHsDone) { | ||
274 | + /* XXX: If the server's certificate hasn't been authenticated by this | ||
275 | + * point, then we may be leaking this NPN message to an attacker. | ||
276 | + */ | ||
277 | rv = ssl3_SendNextProto(ss); | ||
278 | if (rv != SECSuccess) { | ||
279 | goto loser; /* err code was set. */ | ||
280 | } | ||
281 | + | ||
282 | + if (ss->opt.enableFalseStart) { | ||
283 | + if (!ss->ssl3.hs.authCertificatePending) { | ||
284 | + /* When we fix bug 589047, we will need to know whether we are | ||
285 | + * false starting before we try to flush the client second | ||
286 | + * round to the network. With that in mind, we purposefully | ||
287 | + * call ssl3_CheckFalseStart before calling ssl3_SendFinished, | ||
288 | + * which includes a call to ssl3_FlushHandshake, so that | ||
289 | + * no application develops a reliance on such flushing being | ||
290 | + * done before its false start callback is called. | ||
291 | + */ | ||
292 | + ssl_ReleaseXmitBufLock(ss); | ||
293 | + rv = ssl3_CheckFalseStart(ss); | ||
294 | + ssl_GetXmitBufLock(ss); | ||
295 | + if (rv != SECSuccess) { | ||
296 | + goto loser; | ||
297 | + } | ||
298 | + } else { | ||
299 | + /* The certificate authentication and the server's Finished | ||
300 | + * message are racing each other. If the certificate | ||
301 | + * authentication wins, then we will try to false start in | ||
302 | + * ssl3_AuthCertificateComplete. | ||
303 | + */ | ||
304 | + SSL_TRC(3, ("%d: SSL3[%p]: deferring false start check because" | ||
305 | + " certificate authentication is still pending.", | ||
306 | + SSL_GETPID(), ss->fd)); | ||
307 | + } | ||
308 | + } | ||
309 | } | ||
310 | |||
311 | rv = ssl3_SendFinished(ss, 0); | ||
312 | @@ -6844,10 +6920,7 @@ ssl3_SendClientSecondRound(sslSocket *ss) | ||
313 | else | ||
314 | ss->ssl3.hs.ws = wait_change_cipher; | ||
315 | |||
316 | - /* Do the handshake callback for sslv3 here, if we can false start. */ | ||
317 | - if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | ||
318 | - (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | ||
319 | - } | ||
320 | + PORT_Assert(ssl3_WaitingForStartOfServerSecondRound(ss)); | ||
321 | |||
322 | return SECSuccess; | ||
323 | |||
324 | @@ -9421,13 +9494,6 @@ ssl3_AuthCertificate(sslSocket *ss) | ||
325 | |||
326 | ss->ssl3.hs.authCertificatePending = PR_TRUE; | ||
327 | rv = SECSuccess; | ||
328 | - | ||
329 | - /* XXX: Async cert validation and False Start don't work together | ||
330 | - * safely yet; if we leave False Start enabled, we may end up false | ||
331 | - * starting (sending application data) before we | ||
332 | - * SSL_AuthCertificateComplete has been called. | ||
333 | - */ | ||
334 | - ss->opt.enableFalseStart = PR_FALSE; | ||
335 | } | ||
336 | |||
337 | if (rv != SECSuccess) { | ||
338 | @@ -9551,6 +9617,12 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) | ||
339 | } else if (ss->ssl3.hs.restartTarget != NULL) { | ||
340 | sslRestartTarget target = ss->ssl3.hs.restartTarget; | ||
341 | ss->ssl3.hs.restartTarget = NULL; | ||
342 | + | ||
343 | + if (target == ssl3_FinishHandshake) { | ||
344 | + SSL_TRC(3,("%d: SSL3[%p]: certificate authentication lost the race" | ||
345 | + " with peer's finished message", SSL_GETPID(), ss->fd)); | ||
346 | + } | ||
347 | + | ||
348 | rv = target(ss); | ||
349 | /* Even if we blocked here, we have accomplished enough to claim | ||
350 | * success. Any remaining work will be taken care of by subsequent | ||
351 | @@ -9560,7 +9632,29 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) | ||
352 | rv = SECSuccess; | ||
353 | } | ||
354 | } else { | ||
355 | - rv = SECSuccess; | ||
356 | + SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with" | ||
357 | + " peer's finished message", SSL_GETPID(), ss->fd)); | ||
358 | + | ||
359 | + PORT_Assert(!ss->firstHsDone); | ||
360 | + PORT_Assert(!ss->sec.isServer); | ||
361 | + PORT_Assert(!ss->ssl3.hs.isResuming); | ||
362 | + PORT_Assert(ss->ssl3.hs.ws == wait_new_session_ticket || | ||
363 | + ss->ssl3.hs.ws == wait_change_cipher || | ||
364 | + ss->ssl3.hs.ws == wait_finished); | ||
365 | + | ||
366 | + /* ssl3_SendClientSecondRound deferred the false start check because | ||
367 | + * certificate authentication was pending, so we do it now if we still | ||
368 | + * haven't received any of the server's second round yet. | ||
369 | + */ | ||
370 | + if (ss->opt.enableFalseStart && | ||
371 | + !ss->firstHsDone && | ||
372 | + !ss->sec.isServer && | ||
373 | + !ss->ssl3.hs.isResuming && | ||
374 | + ssl3_WaitingForStartOfServerSecondRound(ss)) { | ||
375 | + rv = ssl3_CheckFalseStart(ss); | ||
376 | + } else { | ||
377 | + rv = SECSuccess; | ||
378 | + } | ||
379 | } | ||
380 | |||
381 | done: | ||
382 | @@ -10023,9 +10117,6 @@ xmit_loser: | ||
383 | return rv; | ||
384 | } | ||
385 | |||
386 | - ss->gs.writeOffset = 0; | ||
387 | - ss->gs.readOffset = 0; | ||
388 | - | ||
389 | if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { | ||
390 | effectiveExchKeyType = kt_rsa; | ||
391 | } else { | ||
392 | @@ -10090,6 +10181,9 @@ xmit_loser: | ||
393 | return rv; | ||
394 | } | ||
395 | |||
396 | +/* The return type is SECStatus instead of void because this function needs | ||
397 | + * to have type sslRestartTarget. | ||
398 | + */ | ||
399 | SECStatus | ||
400 | ssl3_FinishHandshake(sslSocket * ss) | ||
401 | { | ||
402 | @@ -10099,19 +10193,16 @@ ssl3_FinishHandshake(sslSocket * ss) | ||
403 | |||
404 | /* The first handshake is now completed. */ | ||
405 | ss->handshake = NULL; | ||
406 | - ss->firstHsDone = PR_TRUE; | ||
407 | |||
408 | if (ss->ssl3.hs.cacheSID) { | ||
409 | (*ss->sec.cache)(ss->sec.ci.sid); | ||
410 | ss->ssl3.hs.cacheSID = PR_FALSE; | ||
411 | } | ||
412 | |||
413 | + ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */ | ||
414 | ss->ssl3.hs.ws = idle_handshake; | ||
415 | |||
416 | - /* Do the handshake callback for sslv3 here, if we cannot false start. */ | ||
417 | - if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | ||
418 | - (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | ||
419 | - } | ||
420 | + ssl_FinishHandshake(ss); | ||
421 | |||
422 | return SECSuccess; | ||
423 | } | ||
424 | @@ -11045,7 +11136,6 @@ process_it: | ||
425 | |||
426 | ssl_ReleaseSSL3HandshakeLock(ss); | ||
427 | return rv; | ||
428 | - | ||
429 | } | ||
430 | |||
431 | /* | ||
432 | diff --git a/nss/lib/ssl/ssl3gthr.c b/nss/lib/ssl/ssl3gthr.c | ||
433 | index 6d62515..03e369d 100644 | ||
434 | --- a/nss/lib/ssl/ssl3gthr.c | ||
435 | +++ b/nss/lib/ssl/ssl3gthr.c | ||
436 | @@ -275,11 +275,17 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | ||
437 | { | ||
438 | SSL3Ciphertext cText; | ||
439 | int rv; | ||
440 | - PRBool canFalseStart = PR_FALSE; | ||
441 | + PRBool keepGoing = PR_TRUE; | ||
442 | |||
443 | SSL_TRC(30, ("ssl3_GatherCompleteHandshake")); | ||
444 | |||
445 | + /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake, | ||
446 | + * which requires the 1stHandshakeLock, which must be acquired before the | ||
447 | + * RecvBufLock. | ||
448 | + */ | ||
449 | + PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | ||
450 | PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | ||
451 | + | ||
452 | do { | ||
453 | PRBool handleRecordNow = PR_FALSE; | ||
454 | |||
455 | @@ -368,20 +374,48 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | ||
456 | if (rv < 0) { | ||
457 | return ss->recvdCloseNotify ? 0 : rv; | ||
458 | } | ||
459 | + if (rv == (int) SECSuccess && ss->gs.buf.len > 0) { | ||
460 | + /* We have application data to return to the application. This | ||
461 | + * prioritizes returning application data to the application over | ||
462 | + * completing any renegotiation handshake we may be doing. | ||
463 | + */ | ||
464 | + PORT_Assert(ss->firstHsDone); | ||
465 | + PORT_Assert(cText.type == content_application_data); | ||
466 | + break; | ||
467 | + } | ||
468 | |||
469 | - /* If we kicked off a false start in ssl3_HandleServerHelloDone, break | ||
470 | - * out of this loop early without finishing the handshake. | ||
471 | - */ | ||
472 | - if (ss->opt.enableFalseStart) { | ||
473 | - ssl_GetSSL3HandshakeLock(ss); | ||
474 | - canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || | ||
475 | - ss->ssl3.hs.ws == wait_new_session_ticket) && | ||
476 | - ssl3_CanFalseStart(ss); | ||
477 | - ssl_ReleaseSSL3HandshakeLock(ss); | ||
478 | + PORT_Assert(keepGoing); | ||
479 | + ssl_GetSSL3HandshakeLock(ss); | ||
480 | + if (ss->ssl3.hs.ws == idle_handshake) { | ||
481 | + /* We are done with the current handshake so stop trying to | ||
482 | + * handshake. Note that it would be safe to test ss->firstHsDone | ||
483 | + * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead, | ||
484 | + * we prioritize completing a renegotiation handshake over sending | ||
485 | + * application data. | ||
486 | + */ | ||
487 | + PORT_Assert(ss->firstHsDone); | ||
488 | + PORT_Assert(!ss->ssl3.hs.canFalseStart); | ||
489 | + keepGoing = PR_FALSE; | ||
490 | + } else if (ss->ssl3.hs.canFalseStart) { | ||
491 | + /* Prioritize sending application data over trying to complete | ||
492 | + * the handshake if we're false starting. | ||
493 | + * | ||
494 | + * If we were to do this check at the beginning of the loop instead | ||
495 | + * of here, then this function would become be a no-op after | ||
496 | + * receiving the ServerHelloDone in the false start case, and we | ||
497 | + * would never complete the handshake. | ||
498 | + */ | ||
499 | + PORT_Assert(!ss->firstHsDone); | ||
500 | + | ||
501 | + if (ssl3_WaitingForStartOfServerSecondRound(ss)) { | ||
502 | + keepGoing = PR_FALSE; | ||
503 | + } else { | ||
504 | + ss->ssl3.hs.canFalseStart = PR_FALSE; | ||
505 | + } | ||
506 | } | ||
507 | - } while (ss->ssl3.hs.ws != idle_handshake && | ||
508 | - !canFalseStart && | ||
509 | - ss->gs.buf.len == 0); | ||
510 | + ssl_ReleaseSSL3HandshakeLock(ss); | ||
511 | + } while (keepGoing); | ||
512 | + | ||
513 | |||
514 | ss->gs.readOffset = 0; | ||
515 | ss->gs.writeOffset = ss->gs.buf.len; | ||
516 | @@ -404,7 +438,10 @@ ssl3_GatherAppDataRecord(sslSocket *ss, int flags) | ||
517 | { | ||
518 | int rv; | ||
519 | |||
520 | + /* ssl3_GatherCompleteHandshake requires both of these locks. */ | ||
521 | + PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | ||
522 | PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | ||
523 | + | ||
524 | do { | ||
525 | rv = ssl3_GatherCompleteHandshake(ss, flags); | ||
526 | } while (rv > 0 && ss->gs.buf.len == 0); | ||
527 | diff --git a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c | ||
528 | index d2f57bf..cb956d4 100644 | ||
529 | --- a/nss/lib/ssl/sslauth.c | ||
530 | +++ b/nss/lib/ssl/sslauth.c | ||
531 | @@ -60,7 +60,6 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, | ||
532 | sslSocket *ss; | ||
533 | const char *cipherName; | ||
534 | PRBool isDes = PR_FALSE; | ||
535 | - PRBool enoughFirstHsDone = PR_FALSE; | ||
536 | |||
537 | ss = ssl_FindSocket(fd); | ||
538 | if (!ss) { | ||
539 | @@ -78,14 +77,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, | ||
540 | *op = SSL_SECURITY_STATUS_OFF; | ||
541 | } | ||
542 | |||
543 | - if (ss->firstHsDone) { | ||
544 | - enoughFirstHsDone = PR_TRUE; | ||
545 | - } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | ||
546 | - ssl3_CanFalseStart(ss)) { | ||
547 | - enoughFirstHsDone = PR_TRUE; | ||
548 | - } | ||
549 | - | ||
550 | - if (ss->opt.useSecurity && enoughFirstHsDone) { | ||
551 | + if (ss->opt.useSecurity && ss->enoughFirstHsDone) { | ||
552 | if (ss->version < SSL_LIBRARY_VERSION_3_0) { | ||
553 | cipherName = ssl_cipherName[ss->sec.cipherType]; | ||
554 | } else { | ||
555 | diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h | ||
556 | index 90e9567..bf0d67f 100644 | ||
557 | --- a/nss/lib/ssl/sslimpl.h | ||
558 | +++ b/nss/lib/ssl/sslimpl.h | ||
559 | @@ -842,6 +842,8 @@ const ssl3CipherSuiteDef *suite_def; | ||
560 | /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ | ||
561 | PRBool cacheSID; | ||
562 | |||
563 | + PRBool canFalseStart; /* Can/did we False Start */ | ||
564 | + | ||
565 | /* clientSigAndHash contains the contents of the signature_algorithms | ||
566 | * extension (if any) from the client. This is only valid for TLS 1.2 | ||
567 | * or later. */ | ||
568 | @@ -1116,6 +1118,10 @@ struct sslSocketStr { | ||
569 | unsigned long clientAuthRequested; | ||
570 | unsigned long delayDisabled; /* Nagle delay disabled */ | ||
571 | unsigned long firstHsDone; /* first handshake is complete. */ | ||
572 | + unsigned long enoughFirstHsDone; /* enough of the first handshake is | ||
573 | + * done for callbacks to be able to | ||
574 | + * retrieve channel security | ||
575 | + * parameters from the SSL socket. */ | ||
576 | unsigned long handshakeBegun; | ||
577 | unsigned long lastWriteBlocked; | ||
578 | unsigned long recvdCloseNotify; /* received SSL EOF. */ | ||
579 | @@ -1156,6 +1162,8 @@ const unsigned char * preferredCipher; | ||
580 | void *badCertArg; | ||
581 | SSLHandshakeCallback handshakeCallback; | ||
582 | void *handshakeCallbackData; | ||
583 | + SSLCanFalseStartCallback canFalseStartCallback; | ||
584 | + void *canFalseStartCallbackData; | ||
585 | void *pkcs11PinArg; | ||
586 | SSLNextProtoCallback nextProtoCallback; | ||
587 | void *nextProtoArg; | ||
588 | @@ -1358,7 +1366,19 @@ extern void ssl3_SetAlwaysBlock(sslSocket *ss); | ||
589 | |||
590 | extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | ||
591 | |||
592 | -extern PRBool ssl3_CanFalseStart(sslSocket *ss); | ||
593 | +extern void ssl_FinishHandshake(sslSocket *ss); | ||
594 | + | ||
595 | +/* Returns PR_TRUE if we are still waiting for the server to respond to our | ||
596 | + * client second round. Once we've received any part of the server's second | ||
597 | + * round then we don't bother trying to false start since it is almost always | ||
598 | + * the case that the NewSessionTicket, ChangeCipherSoec, and Finished messages | ||
599 | + * were sent in the same packet and we want to process them all at the same | ||
600 | + * time. If we were to try to false start in the middle of the server's second | ||
601 | + * round, then we would increase the number of I/O operations | ||
602 | + * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake. | ||
603 | + */ | ||
604 | +extern PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss); | ||
605 | + | ||
606 | extern SECStatus | ||
607 | ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, | ||
608 | PRBool isServer, | ||
609 | diff --git a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c | ||
610 | index 9f2597e..d0c23b7 100644 | ||
611 | --- a/nss/lib/ssl/sslinfo.c | ||
612 | +++ b/nss/lib/ssl/sslinfo.c | ||
613 | @@ -26,7 +26,6 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) | ||
614 | sslSocket * ss; | ||
615 | SSLChannelInfo inf; | ||
616 | sslSessionID * sid; | ||
617 | - PRBool enoughFirstHsDone = PR_FALSE; | ||
618 | |||
619 | if (!info || len < sizeof inf.length) { | ||
620 | PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
621 | @@ -43,14 +42,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) | ||
622 | memset(&inf, 0, sizeof inf); | ||
623 | inf.length = PR_MIN(sizeof inf, len); | ||
624 | |||
625 | - if (ss->firstHsDone) { | ||
626 | - enoughFirstHsDone = PR_TRUE; | ||
627 | - } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | ||
628 | - ssl3_CanFalseStart(ss)) { | ||
629 | - enoughFirstHsDone = PR_TRUE; | ||
630 | - } | ||
631 | - | ||
632 | - if (ss->opt.useSecurity && enoughFirstHsDone) { | ||
633 | + if (ss->opt.useSecurity && ss->enoughFirstHsDone) { | ||
634 | sid = ss->sec.ci.sid; | ||
635 | inf.protocolVersion = ss->version; | ||
636 | inf.authKeyBits = ss->sec.authKeyBits; | ||
637 | diff --git a/nss/lib/ssl/sslreveal.c b/nss/lib/ssl/sslreveal.c | ||
638 | index dc14794..d972998 100644 | ||
639 | --- a/nss/lib/ssl/sslreveal.c | ||
640 | +++ b/nss/lib/ssl/sslreveal.c | ||
641 | @@ -77,7 +77,6 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | ||
642 | { | ||
643 | /* some decisions derived from SSL_GetChannelInfo */ | ||
644 | sslSocket * sslsocket = NULL; | ||
645 | - PRBool enoughFirstHsDone = PR_FALSE; | ||
646 | |||
647 | if (!pYes) { | ||
648 | PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
649 | @@ -93,14 +92,8 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | ||
650 | |||
651 | *pYes = PR_FALSE; | ||
652 | |||
653 | - if (sslsocket->firstHsDone) { | ||
654 | - enoughFirstHsDone = PR_TRUE; | ||
655 | - } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) { | ||
656 | - enoughFirstHsDone = PR_TRUE; | ||
657 | - } | ||
658 | - | ||
659 | /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ | ||
660 | - if (sslsocket->opt.useSecurity && enoughFirstHsDone) { | ||
661 | + if (sslsocket->opt.useSecurity) { | ||
662 | if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ | ||
663 | /* now we know this socket went through ssl3_InitState() and | ||
664 | * ss->xtnData got initialized, which is the only member accessed by | ||
665 | diff --git a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c | ||
666 | index 49bb42b..d0df442 100644 | ||
667 | --- a/nss/lib/ssl/sslsecur.c | ||
668 | +++ b/nss/lib/ssl/sslsecur.c | ||
669 | @@ -97,23 +97,13 @@ ssl_Do1stHandshake(sslSocket *ss) | ||
670 | ss->securityHandshake = 0; | ||
671 | } | ||
672 | if (ss->handshake == 0) { | ||
673 | - ssl_GetRecvBufLock(ss); | ||
674 | - ss->gs.recordLen = 0; | ||
675 | - ssl_ReleaseRecvBufLock(ss); | ||
676 | - | ||
677 | - SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", | ||
678 | - SSL_GETPID(), ss->fd)); | ||
679 | - /* call handshake callback for ssl v2 */ | ||
680 | - /* for v3 this is done in ssl3_HandleFinished() */ | ||
681 | - if ((ss->handshakeCallback != NULL) && /* has callback */ | ||
682 | - (!ss->firstHsDone) && /* only first time */ | ||
683 | - (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */ | ||
684 | - ss->firstHsDone = PR_TRUE; | ||
685 | - (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | ||
686 | + /* for v3 this is done in ssl3_FinishHandshake */ | ||
687 | + if (!ss->firstHsDone && ss->version < SSL_LIBRARY_VERSION_3_0) { | ||
688 | + ssl_GetRecvBufLock(ss); | ||
689 | + ss->gs.recordLen = 0; | ||
690 | + ssl_FinishHandshake(ss); | ||
691 | + ssl_ReleaseRecvBufLock(ss); | ||
692 | } | ||
693 | - ss->firstHsDone = PR_TRUE; | ||
694 | - ss->gs.writeOffset = 0; | ||
695 | - ss->gs.readOffset = 0; | ||
696 | break; | ||
697 | } | ||
698 | rv = (*ss->handshake)(ss); | ||
699 | @@ -134,6 +124,24 @@ ssl_Do1stHandshake(sslSocket *ss) | ||
700 | return rv; | ||
701 | } | ||
702 | |||
703 | +void | ||
704 | +ssl_FinishHandshake(sslSocket *ss) | ||
705 | +{ | ||
706 | + PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | ||
707 | + PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | ||
708 | + | ||
709 | + SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd)); | ||
710 | + | ||
711 | + ss->firstHsDone = PR_TRUE; | ||
712 | + ss->enoughFirstHsDone = PR_TRUE; | ||
713 | + ss->gs.writeOffset = 0; | ||
714 | + ss->gs.readOffset = 0; | ||
715 | + | ||
716 | + if (ss->handshakeCallback) { | ||
717 | + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | ||
718 | + } | ||
719 | +} | ||
720 | + | ||
721 | /* | ||
722 | * Handshake function that blocks. Used to force a | ||
723 | * retry on a connection on the next read/write. | ||
724 | @@ -206,6 +214,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer) | ||
725 | ssl_Get1stHandshakeLock(ss); | ||
726 | |||
727 | ss->firstHsDone = PR_FALSE; | ||
728 | + ss->enoughFirstHsDone = PR_FALSE; | ||
729 | if ( asServer ) { | ||
730 | ss->handshake = ssl2_BeginServerHandshake; | ||
731 | ss->handshaking = sslHandshakingAsServer; | ||
732 | @@ -221,6 +230,8 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer) | ||
733 | ssl_ReleaseRecvBufLock(ss); | ||
734 | |||
735 | ssl_GetSSL3HandshakeLock(ss); | ||
736 | + ss->ssl3.hs.canFalseStart = PR_FALSE; | ||
737 | + ss->ssl3.hs.restartTarget = NULL; | ||
738 | |||
739 | /* | ||
740 | ** Blow away old security state and get a fresh setup. | ||
741 | @@ -331,6 +342,71 @@ SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb, | ||
742 | return SECSuccess; | ||
743 | } | ||
744 | |||
745 | +/* Register an application callback to be called when false start may happen. | ||
746 | +** Acquires and releases HandshakeLock. | ||
747 | +*/ | ||
748 | +SECStatus | ||
749 | +SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb, | ||
750 | + void *arg) | ||
751 | +{ | ||
752 | + sslSocket *ss; | ||
753 | + | ||
754 | + ss = ssl_FindSocket(fd); | ||
755 | + if (!ss) { | ||
756 | + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback", | ||
757 | + SSL_GETPID(), fd)); | ||
758 | + return SECFailure; | ||
759 | + } | ||
760 | + | ||
761 | + if (!ss->opt.useSecurity) { | ||
762 | + PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
763 | + return SECFailure; | ||
764 | + } | ||
765 | + | ||
766 | + ssl_Get1stHandshakeLock(ss); | ||
767 | + ssl_GetSSL3HandshakeLock(ss); | ||
768 | + | ||
769 | + ss->canFalseStartCallback = cb; | ||
770 | + ss->canFalseStartCallbackData = arg; | ||
771 | + | ||
772 | + ssl_ReleaseSSL3HandshakeLock(ss); | ||
773 | + ssl_Release1stHandshakeLock(ss); | ||
774 | + | ||
775 | + return SECSuccess; | ||
776 | +} | ||
777 | + | ||
778 | +SECStatus | ||
779 | +SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart) | ||
780 | +{ | ||
781 | + sslSocket *ss; | ||
782 | + | ||
783 | + *canFalseStart = PR_FALSE; | ||
784 | + ss = ssl_FindSocket(fd); | ||
785 | + if (!ss) { | ||
786 | + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RecommendedCanFalseStart", | ||
787 | + SSL_GETPID(), fd)); | ||
788 | + return SECFailure; | ||
789 | + } | ||
790 | + | ||
791 | + if (!ss->ssl3.initialized) { | ||
792 | + PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
793 | + return SECFailure; | ||
794 | + } | ||
795 | + | ||
796 | + if (ss->version < SSL_LIBRARY_VERSION_3_0) { | ||
797 | + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); | ||
798 | + return SECFailure; | ||
799 | + } | ||
800 | + | ||
801 | + /* Require a forward-secret key exchange. */ | ||
802 | + *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | ||
803 | + ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | ||
804 | + ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | ||
805 | + ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa; | ||
806 | + | ||
807 | + return SECSuccess; | ||
808 | +} | ||
809 | + | ||
810 | /* Try to make progress on an SSL handshake by attempting to read the | ||
811 | ** next handshake from the peer, and sending any responses. | ||
812 | ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot | ||
813 | @@ -524,6 +600,9 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) | ||
814 | int amount; | ||
815 | int available; | ||
816 | |||
817 | + /* ssl3_GatherAppDataRecord may call ssl_FinishHandshake, which needs the | ||
818 | + * 1stHandshakeLock. */ | ||
819 | + ssl_Get1stHandshakeLock(ss); | ||
820 | ssl_GetRecvBufLock(ss); | ||
821 | |||
822 | available = ss->gs.writeOffset - ss->gs.readOffset; | ||
823 | @@ -590,6 +669,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) | ||
824 | |||
825 | done: | ||
826 | ssl_ReleaseRecvBufLock(ss); | ||
827 | + ssl_Release1stHandshakeLock(ss); | ||
828 | return rv; | ||
829 | } | ||
830 | |||
831 | @@ -1156,7 +1236,7 @@ ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len) | ||
832 | int | ||
833 | ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) | ||
834 | { | ||
835 | - int rv = 0; | ||
836 | + int rv = 0; | ||
837 | |||
838 | SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", | ||
839 | SSL_GETPID(), ss->fd, len)); | ||
840 | @@ -1191,19 +1271,15 @@ ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) | ||
841 | ss->writerThread = PR_GetCurrentThread(); | ||
842 | /* If any of these is non-zero, the initial handshake is not done. */ | ||
843 | if (!ss->firstHsDone) { | ||
844 | - PRBool canFalseStart = PR_FALSE; | ||
845 | + PRBool falseStart = PR_FALSE; | ||
846 | ssl_Get1stHandshakeLock(ss); | ||
847 | - if (ss->version >= SSL_LIBRARY_VERSION_3_0) { | ||
848 | + if (ss->opt.enableFalseStart && | ||
849 | + ss->version >= SSL_LIBRARY_VERSION_3_0) { | ||
850 | ssl_GetSSL3HandshakeLock(ss); | ||
851 | - if ((ss->ssl3.hs.ws == wait_change_cipher || | ||
852 | - ss->ssl3.hs.ws == wait_finished || | ||
853 | - ss->ssl3.hs.ws == wait_new_session_ticket) && | ||
854 | - ssl3_CanFalseStart(ss)) { | ||
855 | - canFalseStart = PR_TRUE; | ||
856 | - } | ||
857 | + falseStart = ss->ssl3.hs.canFalseStart; | ||
858 | ssl_ReleaseSSL3HandshakeLock(ss); | ||
859 | } | ||
860 | - if (!canFalseStart && | ||
861 | + if (!falseStart && | ||
862 | (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { | ||
863 | rv = ssl_Do1stHandshake(ss); | ||
864 | } | ||
865 | @@ -1228,6 +1304,17 @@ ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) | ||
866 | goto done; | ||
867 | } | ||
868 | |||
869 | + if (!ss->firstHsDone) { | ||
870 | + PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_3_0); | ||
871 | +#ifdef DEBUG | ||
872 | + ssl_GetSSL3HandshakeLock(ss); | ||
873 | + PORT_Assert(ss->ssl3.hs.canFalseStart); | ||
874 | + ssl_ReleaseSSL3HandshakeLock(ss); | ||
875 | +#endif | ||
876 | + SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start", | ||
877 | + SSL_GETPID(), ss->fd)); | ||
878 | + } | ||
879 | + | ||
880 | /* Send out the data using one of these functions: | ||
881 | * ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock, | ||
882 | * ssl3_SendApplicationData | ||
883 | diff --git a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c | ||
884 | index cd4a7a7..73e069b 100644 | ||
885 | --- a/nss/lib/ssl/sslsock.c | ||
886 | +++ b/nss/lib/ssl/sslsock.c | ||
887 | @@ -349,6 +349,8 @@ ssl_DupSocket(sslSocket *os) | ||
888 | ss->badCertArg = os->badCertArg; | ||
889 | ss->handshakeCallback = os->handshakeCallback; | ||
890 | ss->handshakeCallbackData = os->handshakeCallbackData; | ||
891 | + ss->canFalseStartCallback = os->canFalseStartCallback; | ||
892 | + ss->canFalseStartCallbackData = os->canFalseStartCallbackData; | ||
893 | ss->pkcs11PinArg = os->pkcs11PinArg; | ||
894 | |||
895 | /* Create security data */ | ||
896 | @@ -2341,10 +2343,14 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) | ||
897 | } else if (new_flags & PR_POLL_WRITE) { | ||
898 | /* The caller is trying to write, but the handshake is | ||
899 | ** blocked waiting for data to read, and the first | ||
900 | - ** handshake has been sent. so do NOT to poll on write. | ||
901 | + ** handshake has been sent. So do NOT to poll on write | ||
902 | + ** unless we did false start. | ||
903 | */ | ||
904 | - new_flags ^= PR_POLL_WRITE; /* don't select on write. */ | ||
905 | - new_flags |= PR_POLL_READ; /* do select on read. */ | ||
906 | + if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && | ||
907 | + ss->ssl3.hs.canFalseStart)) { | ||
908 | + new_flags ^= PR_POLL_WRITE; /* don't select on write. */ | ||
909 | + } | ||
910 | + new_flags |= PR_POLL_READ; /* do select on read. */ | ||
911 | } | ||
912 | } | ||
913 | } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { | ||
914 | -- | ||
915 | 1.7.9.5 | ||
916 | |||
diff --git a/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch new file mode 100644 index 0000000000..f30475b16b --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2013-5606.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | nss: CVE-2013-5606 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | the patch comes from: | ||
6 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 | ||
7 | https://bugzilla.mozilla.org/show_bug.cgi?id=910438 | ||
8 | http://hg.mozilla.org/projects/nss/rev/d29898e0981c | ||
9 | |||
10 | The CERT_VerifyCert function in lib/certhigh/certvfy.c in | ||
11 | Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides | ||
12 | an unexpected return value for an incompatible key-usage certificate | ||
13 | when the CERTVerifyLog argument is valid, which might allow remote | ||
14 | attackers to bypass intended access restrictions via a crafted certificate. | ||
15 | |||
16 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
17 | --- | ||
18 | nss/lib/certhigh/certvfy.c | 7 +++++-- | ||
19 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c | ||
22 | index f364ceb..f450205 100644 | ||
23 | --- a/nss/lib/certhigh/certvfy.c | ||
24 | +++ b/nss/lib/certhigh/certvfy.c | ||
25 | @@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, | ||
26 | PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); | ||
27 | LOG_ERROR_OR_EXIT(log,cert,0,flags); | ||
28 | } else if (trusted) { | ||
29 | - goto winner; | ||
30 | + goto done; | ||
31 | } | ||
32 | |||
33 | |||
34 | @@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, | ||
35 | } | ||
36 | } | ||
37 | |||
38 | -winner: | ||
39 | +done: | ||
40 | + if (log && log->head) { | ||
41 | + return SECFailure; | ||
42 | + } | ||
43 | return(SECSuccess); | ||
44 | |||
45 | loser: | ||
46 | -- | ||
47 | 1.7.9.5 | ||
48 | |||
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch new file mode 100644 index 0000000000..1be8a17870 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1492.patch | |||
@@ -0,0 +1,68 @@ | |||
1 | nss: CVE-2014-1492 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | the patch comes from: | ||
6 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 | ||
7 | https://bugzilla.mozilla.org/show_bug.cgi?id=903885 | ||
8 | |||
9 | changeset: 11063:709d4e597979 | ||
10 | user: Kai Engert <kaie@kuix.de> | ||
11 | date: Wed Mar 05 18:38:55 2014 +0100 | ||
12 | summary: Bug 903885, address requests to clarify comments from wtc | ||
13 | |||
14 | changeset: 11046:2ffa40a3ff55 | ||
15 | tag: tip | ||
16 | user: Wan-Teh Chang <wtc@google.com> | ||
17 | date: Tue Feb 25 18:17:08 2014 +0100 | ||
18 | summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie | ||
19 | |||
20 | changeset: 11045:15ea62260c21 | ||
21 | user: Christian Heimes <sites@cheimes.de> | ||
22 | date: Mon Feb 24 17:50:25 2014 +0100 | ||
23 | summary: Bug 903885, fix IDNA wildcard handling, r=kaie | ||
24 | |||
25 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
26 | --- | ||
27 | nss/lib/certdb/certdb.c | 15 +++++++++------ | ||
28 | 1 file changed, 9 insertions(+), 6 deletions(-) | ||
29 | |||
30 | diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c | ||
31 | index b7d22bd..91877b7 100644 | ||
32 | --- a/nss/lib/certdb/certdb.c | ||
33 | +++ b/nss/lib/certdb/certdb.c | ||
34 | @@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn) | ||
35 | return rv; | ||
36 | } | ||
37 | } else { | ||
38 | - /* New approach conforms to RFC 2818. */ | ||
39 | + /* New approach conforms to RFC 6125. */ | ||
40 | char *wildcard = PORT_Strchr(cn, '*'); | ||
41 | char *firstcndot = PORT_Strchr(cn, '.'); | ||
42 | char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL; | ||
43 | @@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn) | ||
44 | /* For a cn pattern to be considered valid, the wildcard character... | ||
45 | * - may occur only in a DNS name with at least 3 components, and | ||
46 | * - may occur only as last character in the first component, and | ||
47 | - * - may be preceded by additional characters | ||
48 | + * - may be preceded by additional characters, and | ||
49 | + * - must not be preceded by an IDNA ACE prefix (xn--) | ||
50 | */ | ||
51 | if (wildcard && secondcndot && secondcndot[1] && firsthndot | ||
52 | - && firstcndot - wildcard == 1 | ||
53 | - && secondcndot - firstcndot > 1 | ||
54 | - && PORT_Strrchr(cn, '*') == wildcard | ||
55 | + && firstcndot - wildcard == 1 /* wildcard is last char in first component */ | ||
56 | + && secondcndot - firstcndot > 1 /* second component is non-empty */ | ||
57 | + && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */ | ||
58 | && !PORT_Strncasecmp(cn, hn, wildcard - cn) | ||
59 | - && !PORT_Strcasecmp(firstcndot, firsthndot)) { | ||
60 | + && !PORT_Strcasecmp(firstcndot, firsthndot) | ||
61 | + /* If hn starts with xn--, then cn must start with wildcard */ | ||
62 | + && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) { | ||
63 | /* valid wildcard pattern match */ | ||
64 | return SECSuccess; | ||
65 | } | ||
66 | -- | ||
67 | 1.7.9.5 | ||
68 | |||
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch new file mode 100644 index 0000000000..d6434dfe23 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1544.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | nss: CVE-2014-1544 | ||
2 | |||
3 | the patch comes from: | ||
4 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 | ||
5 | https://hg.mozilla.org/projects/nss/rev/204f22c527f8 | ||
6 | |||
7 | author Robert Relyea <rrelyea@redhat.com> | ||
8 | https://bugzilla.mozilla.org/show_bug.cgi?id=963150 | ||
9 | Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls | ||
10 | to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from | ||
11 | freeing the CERTCertificate associated with the NSSCertificate. r=wtc. | ||
12 | |||
13 | Upstream-Status: Pending | ||
14 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
15 | --- | ||
16 | nss/lib/pk11wrap/pk11cert.c | 7 +++++++ | ||
17 | 1 file changed, 7 insertions(+) | ||
18 | |||
19 | diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c | ||
20 | index 39168b9..3f3edb1 100644 | ||
21 | --- a/nss/lib/pk11wrap/pk11cert.c | ||
22 | +++ b/nss/lib/pk11wrap/pk11cert.c | ||
23 | @@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, | ||
24 | * CERTCertificate, and finish | ||
25 | */ | ||
26 | nssPKIObject_AddInstance(&c->object, certobj); | ||
27 | + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and | ||
28 | + * replace 'c' by a different value. So we add a reference to 'c' to | ||
29 | + * prevent 'c' from being destroyed. */ | ||
30 | + nssCertificate_AddRef(c); | ||
31 | nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); | ||
32 | + /* XXX should we pass the original value of 'c' to | ||
33 | + * STAN_ForceCERTCertificateUpdate? */ | ||
34 | (void)STAN_ForceCERTCertificateUpdate(c); | ||
35 | + nssCertificate_Destroy(c); | ||
36 | SECITEM_FreeItem(keyID,PR_TRUE); | ||
37 | return SECSuccess; | ||
38 | loser: | ||
39 | -- | ||
40 | 1.7.9.5 | ||
41 | |||
diff --git a/meta/recipes-support/nss/files/nss-CVE-2014-1568.patch b/meta/recipes-support/nss/files/nss-CVE-2014-1568.patch new file mode 100644 index 0000000000..dbdb00ce2b --- /dev/null +++ b/meta/recipes-support/nss/files/nss-CVE-2014-1568.patch | |||
@@ -0,0 +1,670 @@ | |||
1 | nss: CVE-2014-1568 | ||
2 | |||
3 | the patch comes from: | ||
4 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568 | ||
5 | https://bugzilla.mozilla.org/show_bug.cgi?id=1064636 | ||
6 | nss ng log: | ||
7 | ===== | ||
8 | changeset: 11252:ad411fb64046 | ||
9 | user: Kai Engert <kaie@kuix.de> | ||
10 | date: Tue Sep 23 19:28:34 2014 +0200 | ||
11 | summary: Fix bug 1064636, patch part 2, r=rrelyea | ||
12 | ===== | ||
13 | changeset: 11253:4e90910ad2f9 | ||
14 | user: Kai Engert <kaie@kuix.de> | ||
15 | date: Tue Sep 23 19:28:45 2014 +0200 | ||
16 | summary: Fix bug 1064636, patch part 3, r=rrelyea | ||
17 | ===== | ||
18 | changeset: 11254:fb7208e91ae8 | ||
19 | user: Kai Engert <kaie@kuix.de> | ||
20 | date: Tue Sep 23 19:28:52 2014 +0200 | ||
21 | summary: Fix bug 1064636, patch part 1, r=rrelyea | ||
22 | ===== | ||
23 | changeset: 11255:8dd6c6ac977d | ||
24 | user: Kai Engert <kaie@kuix.de> | ||
25 | date: Tue Sep 23 19:39:40 2014 +0200 | ||
26 | summary: Bug 1064636, follow up commit to fix Windows build bustage | ||
27 | |||
28 | Upstream-Status: Backport | ||
29 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
30 | --- | ||
31 | nss/lib/cryptohi/secvfy.c | 202 +++++++++++++++++++++++++++----------------- | ||
32 | nss/lib/softoken/pkcs11c.c | 69 +++++++-------- | ||
33 | nss/lib/util/manifest.mn | 2 + | ||
34 | nss/lib/util/nssutil.def | 6 ++ | ||
35 | nss/lib/util/pkcs1sig.c | 169 ++++++++++++++++++++++++++++++++++++ | ||
36 | nss/lib/util/pkcs1sig.h | 30 +++++++ | ||
37 | 6 files changed, 360 insertions(+), 118 deletions(-) | ||
38 | create mode 100644 nss/lib/util/pkcs1sig.c | ||
39 | create mode 100644 nss/lib/util/pkcs1sig.h | ||
40 | |||
41 | diff --git a/nss/lib/cryptohi/secvfy.c b/nss/lib/cryptohi/secvfy.c | ||
42 | index c1ac39b..0a20672 100644 | ||
43 | --- a/nss/lib/cryptohi/secvfy.c | ||
44 | +++ b/nss/lib/cryptohi/secvfy.c | ||
45 | @@ -12,78 +12,111 @@ | ||
46 | #include "secasn1.h" | ||
47 | #include "secoid.h" | ||
48 | #include "pk11func.h" | ||
49 | +#include "pkcs1sig.h" | ||
50 | #include "secdig.h" | ||
51 | #include "secerr.h" | ||
52 | #include "keyi.h" | ||
53 | |||
54 | /* | ||
55 | -** Decrypt signature block using public key | ||
56 | -** Store the hash algorithm oid tag in *tagp | ||
57 | -** Store the digest in the digest buffer | ||
58 | -** Store the digest length in *digestlen | ||
59 | +** Recover the DigestInfo from an RSA PKCS#1 signature. | ||
60 | +** | ||
61 | +** If givenDigestAlg != SEC_OID_UNKNOWN, copy givenDigestAlg to digestAlgOut. | ||
62 | +** Otherwise, parse the DigestInfo structure and store the decoded digest | ||
63 | +** algorithm into digestAlgOut. | ||
64 | +** | ||
65 | +** Store the encoded DigestInfo into digestInfo. | ||
66 | +** Store the DigestInfo length into digestInfoLen. | ||
67 | +** | ||
68 | +** This function does *not* verify that the AlgorithmIdentifier in the | ||
69 | +** DigestInfo identifies givenDigestAlg or that the DigestInfo is encoded | ||
70 | +** correctly; verifyPKCS1DigestInfo does that. | ||
71 | +** | ||
72 | ** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION | ||
73 | */ | ||
74 | static SECStatus | ||
75 | -DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, | ||
76 | - unsigned int *digestlen, unsigned int maxdigestlen, | ||
77 | - SECKEYPublicKey *key, const SECItem *sig, char *wincx) | ||
78 | +recoverPKCS1DigestInfo(SECOidTag givenDigestAlg, | ||
79 | + /*out*/ SECOidTag* digestAlgOut, | ||
80 | + /*out*/ unsigned char** digestInfo, | ||
81 | + /*out*/ unsigned int* digestInfoLen, | ||
82 | + SECKEYPublicKey* key, | ||
83 | + const SECItem* sig, void* wincx) | ||
84 | { | ||
85 | - SGNDigestInfo *di = NULL; | ||
86 | - unsigned char *buf = NULL; | ||
87 | - SECStatus rv; | ||
88 | - SECOidTag tag; | ||
89 | - SECItem it; | ||
90 | - | ||
91 | - if (key == NULL) goto loser; | ||
92 | - | ||
93 | + SGNDigestInfo* di = NULL; | ||
94 | + SECItem it; | ||
95 | + PRBool rv = SECSuccess; | ||
96 | + | ||
97 | + PORT_Assert(digestAlgOut); | ||
98 | + PORT_Assert(digestInfo); | ||
99 | + PORT_Assert(digestInfoLen); | ||
100 | + PORT_Assert(key); | ||
101 | + PORT_Assert(key->keyType == rsaKey); | ||
102 | + PORT_Assert(sig); | ||
103 | + | ||
104 | + it.data = NULL; | ||
105 | it.len = SECKEY_PublicKeyStrength(key); | ||
106 | - if (!it.len) goto loser; | ||
107 | - it.data = buf = (unsigned char *)PORT_Alloc(it.len); | ||
108 | - if (!buf) goto loser; | ||
109 | + if (it.len != 0) { | ||
110 | + it.data = (unsigned char *)PORT_Alloc(it.len); | ||
111 | + } | ||
112 | + if (it.len == 0 || it.data == NULL ) { | ||
113 | + rv = SECFailure; | ||
114 | + } | ||
115 | |||
116 | - /* decrypt the block */ | ||
117 | - rv = PK11_VerifyRecover(key, (SECItem *)sig, &it, wincx); | ||
118 | - if (rv != SECSuccess) goto loser; | ||
119 | + if (rv == SECSuccess) { | ||
120 | + /* decrypt the block */ | ||
121 | + rv = PK11_VerifyRecover(key, sig, &it, wincx); | ||
122 | + } | ||
123 | |||
124 | - di = SGN_DecodeDigestInfo(&it); | ||
125 | - if (di == NULL) goto sigloser; | ||
126 | + if (rv == SECSuccess) { | ||
127 | + if (givenDigestAlg != SEC_OID_UNKNOWN) { | ||
128 | + /* We don't need to parse the DigestInfo if the caller gave us the | ||
129 | + * digest algorithm to use. Later verifyPKCS1DigestInfo will verify | ||
130 | + * that the DigestInfo identifies the given digest algorithm and | ||
131 | + * that the DigestInfo is encoded absolutely correctly. | ||
132 | + */ | ||
133 | + *digestInfoLen = it.len; | ||
134 | + *digestInfo = (unsigned char*)it.data; | ||
135 | + *digestAlgOut = givenDigestAlg; | ||
136 | + return SECSuccess; | ||
137 | + } | ||
138 | + } | ||
139 | |||
140 | - /* | ||
141 | - ** Finally we have the digest info; now we can extract the algorithm | ||
142 | - ** ID and the signature block | ||
143 | - */ | ||
144 | - tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm); | ||
145 | - /* Check that tag is an appropriate algorithm */ | ||
146 | - if (tag == SEC_OID_UNKNOWN) { | ||
147 | - goto sigloser; | ||
148 | - } | ||
149 | - /* make sure the "parameters" are not too bogus. */ | ||
150 | - if (di->digestAlgorithm.parameters.len > 2) { | ||
151 | - goto sigloser; | ||
152 | - } | ||
153 | - if (di->digest.len > maxdigestlen) { | ||
154 | - PORT_SetError(SEC_ERROR_OUTPUT_LEN); | ||
155 | - goto loser; | ||
156 | + if (rv == SECSuccess) { | ||
157 | + /* The caller didn't specify a digest algorithm to use, so choose the | ||
158 | + * digest algorithm by parsing the AlgorithmIdentifier within the | ||
159 | + * DigestInfo. | ||
160 | + */ | ||
161 | + di = SGN_DecodeDigestInfo(&it); | ||
162 | + if (!di) { | ||
163 | + rv = SECFailure; | ||
164 | + } | ||
165 | } | ||
166 | - PORT_Memcpy(digest, di->digest.data, di->digest.len); | ||
167 | - *tagp = tag; | ||
168 | - *digestlen = di->digest.len; | ||
169 | - goto done; | ||
170 | |||
171 | - sigloser: | ||
172 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
173 | + if (rv == SECSuccess) { | ||
174 | + *digestAlgOut = SECOID_GetAlgorithmTag(&di->digestAlgorithm); | ||
175 | + if (*digestAlgOut == SEC_OID_UNKNOWN) { | ||
176 | + rv = SECFailure; | ||
177 | + } | ||
178 | + } | ||
179 | |||
180 | - loser: | ||
181 | - rv = SECFailure; | ||
182 | + if (di) { | ||
183 | + SGN_DestroyDigestInfo(di); | ||
184 | + } | ||
185 | + | ||
186 | + if (rv == SECSuccess) { | ||
187 | + *digestInfoLen = it.len; | ||
188 | + *digestInfo = (unsigned char*)it.data; | ||
189 | + } else { | ||
190 | + if (it.data) { | ||
191 | + PORT_Free(it.data); | ||
192 | + } | ||
193 | + *digestInfo = NULL; | ||
194 | + *digestInfoLen = 0; | ||
195 | + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
196 | + } | ||
197 | |||
198 | - done: | ||
199 | - if (di != NULL) SGN_DestroyDigestInfo(di); | ||
200 | - if (buf != NULL) PORT_Free(buf); | ||
201 | - | ||
202 | return rv; | ||
203 | } | ||
204 | |||
205 | - | ||
206 | struct VFYContextStr { | ||
207 | SECOidTag hashAlg; /* the hash algorithm */ | ||
208 | SECKEYPublicKey *key; | ||
209 | @@ -99,14 +132,14 @@ struct VFYContextStr { | ||
210 | union { | ||
211 | unsigned char buffer[1]; | ||
212 | |||
213 | - /* the digest in the decrypted RSA signature */ | ||
214 | - unsigned char rsadigest[HASH_LENGTH_MAX]; | ||
215 | /* the full DSA signature... 40 bytes */ | ||
216 | unsigned char dsasig[DSA_MAX_SIGNATURE_LEN]; | ||
217 | /* the full ECDSA signature */ | ||
218 | unsigned char ecdsasig[2 * MAX_ECKEY_LEN]; | ||
219 | } u; | ||
220 | - unsigned int rsadigestlen; | ||
221 | + unsigned int pkcs1RSADigestInfoLen; | ||
222 | + /* the encoded DigestInfo from a RSA PKCS#1 signature */ | ||
223 | + unsigned char *pkcs1RSADigestInfo; | ||
224 | void * wincx; | ||
225 | void *hashcx; | ||
226 | const SECHashObject *hashobj; | ||
227 | @@ -117,6 +150,17 @@ struct VFYContextStr { | ||
228 | * VFY_EndWithSignature call. */ | ||
229 | }; | ||
230 | |||
231 | +static SECStatus | ||
232 | +verifyPKCS1DigestInfo(const VFYContext* cx, const SECItem* digest) | ||
233 | +{ | ||
234 | + SECItem pkcs1DigestInfo; | ||
235 | + pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; | ||
236 | + pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; | ||
237 | + return _SGN_VerifyPKCS1DigestInfo( | ||
238 | + cx->hashAlg, digest, &pkcs1DigestInfo, | ||
239 | + PR_TRUE /*XXX: unsafeAllowMissingParameters*/); | ||
240 | +} | ||
241 | + | ||
242 | /* | ||
243 | * decode the ECDSA or DSA signature from it's DER wrapping. | ||
244 | * The unwrapped/raw signature is placed in the buffer pointed | ||
245 | @@ -376,16 +420,16 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, | ||
246 | cx->encAlg = encAlg; | ||
247 | cx->hashAlg = hashAlg; | ||
248 | cx->key = SECKEY_CopyPublicKey(key); | ||
249 | + cx->pkcs1RSADigestInfo = NULL; | ||
250 | rv = SECSuccess; | ||
251 | if (sig) { | ||
252 | switch (type) { | ||
253 | case rsaKey: | ||
254 | - rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen, | ||
255 | - HASH_LENGTH_MAX, cx->key, sig, (char*)wincx); | ||
256 | - if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) { | ||
257 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
258 | - rv = SECFailure; | ||
259 | - } | ||
260 | + rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, | ||
261 | + &cx->pkcs1RSADigestInfo, | ||
262 | + &cx->pkcs1RSADigestInfoLen, | ||
263 | + cx->key, | ||
264 | + sig, wincx); | ||
265 | break; | ||
266 | case dsaKey: | ||
267 | case ecKey: | ||
268 | @@ -469,6 +513,9 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit) | ||
269 | if (cx->key) { | ||
270 | SECKEY_DestroyPublicKey(cx->key); | ||
271 | } | ||
272 | + if (cx->pkcs1RSADigestInfo) { | ||
273 | + PORT_Free(cx->pkcs1RSADigestInfo); | ||
274 | + } | ||
275 | if (freeit) { | ||
276 | PORT_ZFree(cx, sizeof(VFYContext)); | ||
277 | } | ||
278 | @@ -548,21 +595,25 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) | ||
279 | } | ||
280 | break; | ||
281 | case rsaKey: | ||
282 | + { | ||
283 | + SECItem digest; | ||
284 | + digest.data = final; | ||
285 | + digest.len = part; | ||
286 | if (sig) { | ||
287 | - SECOidTag hashid = SEC_OID_UNKNOWN; | ||
288 | - rv = DecryptSigBlock(&hashid, cx->u.buffer, &cx->rsadigestlen, | ||
289 | - HASH_LENGTH_MAX, cx->key, sig, (char*)cx->wincx); | ||
290 | - if ((rv != SECSuccess) || (hashid != cx->hashAlg)) { | ||
291 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
292 | + SECOidTag hashid; | ||
293 | + PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN); | ||
294 | + rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid, | ||
295 | + &cx->pkcs1RSADigestInfo, | ||
296 | + &cx->pkcs1RSADigestInfoLen, | ||
297 | + cx->key, | ||
298 | + sig, cx->wincx); | ||
299 | + PORT_Assert(cx->hashAlg == hashid); | ||
300 | + if (rv != SECSuccess) { | ||
301 | return SECFailure; | ||
302 | } | ||
303 | } | ||
304 | - if ((part != cx->rsadigestlen) || | ||
305 | - PORT_Memcmp(final, cx->u.buffer, part)) { | ||
306 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
307 | - return SECFailure; | ||
308 | - } | ||
309 | - break; | ||
310 | + return verifyPKCS1DigestInfo(cx, &digest); | ||
311 | + } | ||
312 | default: | ||
313 | PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
314 | return SECFailure; /* shouldn't happen */ | ||
315 | @@ -595,12 +646,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, | ||
316 | if (cx != NULL) { | ||
317 | switch (key->keyType) { | ||
318 | case rsaKey: | ||
319 | - if ((digest->len != cx->rsadigestlen) || | ||
320 | - PORT_Memcmp(digest->data, cx->u.buffer, digest->len)) { | ||
321 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
322 | - } else { | ||
323 | - rv = SECSuccess; | ||
324 | - } | ||
325 | + rv = verifyPKCS1DigestInfo(cx, digest); | ||
326 | break; | ||
327 | case dsaKey: | ||
328 | case ecKey: | ||
329 | diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c | ||
330 | index 89b5bd8..ba6dcfa 100644 | ||
331 | --- a/nss/lib/softoken/pkcs11c.c | ||
332 | +++ b/nss/lib/softoken/pkcs11c.c | ||
333 | @@ -23,6 +23,7 @@ | ||
334 | #include "blapi.h" | ||
335 | #include "pkcs11.h" | ||
336 | #include "pkcs11i.h" | ||
337 | +#include "pkcs1sig.h" | ||
338 | #include "lowkeyi.h" | ||
339 | #include "secder.h" | ||
340 | #include "secdig.h" | ||
341 | @@ -2580,54 +2581,42 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, | ||
342 | } | ||
343 | |||
344 | SECStatus | ||
345 | -RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, | ||
346 | +RSA_HashCheckSign(SECOidTag digestOid, NSSLOWKEYPublicKey *key, | ||
347 | unsigned char *sig, unsigned int sigLen, | ||
348 | - unsigned char *digest, unsigned int digestLen) | ||
349 | + unsigned char *digestData, unsigned int digestLen) | ||
350 | { | ||
351 | + unsigned char *pkcs1DigestInfoData; | ||
352 | + SECItem pkcs1DigestInfo; | ||
353 | + SECItem digest; | ||
354 | + unsigned int bufferSize; | ||
355 | + SECStatus rv; | ||
356 | |||
357 | - SECItem it; | ||
358 | - SGNDigestInfo *di = NULL; | ||
359 | - SECStatus rv = SECSuccess; | ||
360 | - | ||
361 | - it.data = NULL; | ||
362 | - | ||
363 | - if (key == NULL) goto loser; | ||
364 | - | ||
365 | - it.len = nsslowkey_PublicModulusLen(key); | ||
366 | - if (!it.len) goto loser; | ||
367 | + /* pkcs1DigestInfo.data must be less than key->u.rsa.modulus.len */ | ||
368 | + bufferSize = key->u.rsa.modulus.len; | ||
369 | + pkcs1DigestInfoData = PORT_ZAlloc(bufferSize); | ||
370 | + if (!pkcs1DigestInfoData) { | ||
371 | + PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
372 | + return SECFailure; | ||
373 | + } | ||
374 | |||
375 | - it.data = (unsigned char *) PORT_Alloc(it.len); | ||
376 | - if (it.data == NULL) goto loser; | ||
377 | + pkcs1DigestInfo.data = pkcs1DigestInfoData; | ||
378 | + pkcs1DigestInfo.len = bufferSize; | ||
379 | |||
380 | /* decrypt the block */ | ||
381 | - rv = RSA_CheckSignRecover(key, it.data, &it.len, it.len, sig, sigLen); | ||
382 | - if (rv != SECSuccess) goto loser; | ||
383 | - | ||
384 | - di = SGN_DecodeDigestInfo(&it); | ||
385 | - if (di == NULL) goto loser; | ||
386 | - if (di->digest.len != digestLen) goto loser; | ||
387 | - | ||
388 | - /* make sure the tag is OK */ | ||
389 | - if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { | ||
390 | - goto loser; | ||
391 | - } | ||
392 | - /* make sure the "parameters" are not too bogus. */ | ||
393 | - if (di->digestAlgorithm.parameters.len > 2) { | ||
394 | - goto loser; | ||
395 | - } | ||
396 | - /* Now check the signature */ | ||
397 | - if (PORT_Memcmp(digest, di->digest.data, di->digest.len) == 0) { | ||
398 | - goto done; | ||
399 | + rv = RSA_CheckSignRecover(key, pkcs1DigestInfo.data, | ||
400 | + &pkcs1DigestInfo.len, pkcs1DigestInfo.len, | ||
401 | + sig, sigLen); | ||
402 | + if (rv != SECSuccess) { | ||
403 | + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
404 | + } else { | ||
405 | + digest.data = (PRUint8*) digestData; | ||
406 | + digest.len = digestLen; | ||
407 | + rv = _SGN_VerifyPKCS1DigestInfo( | ||
408 | + digestOid, &digest, &pkcs1DigestInfo, | ||
409 | + PR_TRUE /*XXX: unsafeAllowMissingParameters*/); | ||
410 | } | ||
411 | |||
412 | - loser: | ||
413 | - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
414 | - rv = SECFailure; | ||
415 | - | ||
416 | - done: | ||
417 | - if (it.data != NULL) PORT_Free(it.data); | ||
418 | - if (di != NULL) SGN_DestroyDigestInfo(di); | ||
419 | - | ||
420 | + PORT_Free(pkcs1DigestInfoData); | ||
421 | return rv; | ||
422 | } | ||
423 | |||
424 | diff --git a/nss/lib/util/manifest.mn b/nss/lib/util/manifest.mn | ||
425 | index ed54a16..9ff3758 100644 | ||
426 | --- a/nss/lib/util/manifest.mn | ||
427 | +++ b/nss/lib/util/manifest.mn | ||
428 | @@ -22,6 +22,7 @@ EXPORTS = \ | ||
429 | pkcs11t.h \ | ||
430 | pkcs11n.h \ | ||
431 | pkcs11u.h \ | ||
432 | + pkcs1sig.h \ | ||
433 | portreg.h \ | ||
434 | secasn1.h \ | ||
435 | secasn1t.h \ | ||
436 | @@ -58,6 +59,7 @@ CSRCS = \ | ||
437 | nssrwlk.c \ | ||
438 | nssilock.c \ | ||
439 | oidstring.c \ | ||
440 | + pkcs1sig.c \ | ||
441 | portreg.c \ | ||
442 | secalgid.c \ | ||
443 | secasn1d.c \ | ||
444 | diff --git a/nss/lib/util/nssutil.def b/nss/lib/util/nssutil.def | ||
445 | index 86a0ad7..9d98df2 100644 | ||
446 | --- a/nss/lib/util/nssutil.def | ||
447 | +++ b/nss/lib/util/nssutil.def | ||
448 | @@ -271,3 +271,9 @@ SECITEM_ZfreeArray; | ||
449 | ;+ local: | ||
450 | ;+ *; | ||
451 | ;+}; | ||
452 | +;+NSSUTIL_3.17.1 { # NSS Utilities 3.17.1 release | ||
453 | +;+ global: | ||
454 | +_SGN_VerifyPKCS1DigestInfo; | ||
455 | +;+ local: | ||
456 | +;+ *; | ||
457 | +;+}; | ||
458 | diff --git a/nss/lib/util/pkcs1sig.c b/nss/lib/util/pkcs1sig.c | ||
459 | new file mode 100644 | ||
460 | index 0000000..03b16f5 | ||
461 | --- /dev/null | ||
462 | +++ b/nss/lib/util/pkcs1sig.c | ||
463 | @@ -0,0 +1,169 @@ | ||
464 | +/* This Source Code Form is subject to the terms of the Mozilla Public | ||
465 | + * License, v. 2.0. If a copy of the MPL was not distributed with this | ||
466 | + * file, You can obtain one at http://mozilla.org/MPL/2.0/. | ||
467 | + */ | ||
468 | + | ||
469 | +#include "pkcs1sig.h" | ||
470 | +#include "hasht.h" | ||
471 | +#include "secerr.h" | ||
472 | +#include "secasn1t.h" | ||
473 | +#include "secoid.h" | ||
474 | + | ||
475 | +typedef struct pkcs1PrefixStr pkcs1Prefix; | ||
476 | +struct pkcs1PrefixStr { | ||
477 | + unsigned int len; | ||
478 | + PRUint8 *data; | ||
479 | +}; | ||
480 | + | ||
481 | +typedef struct pkcs1PrefixesStr pkcs1Prefixes; | ||
482 | +struct pkcs1PrefixesStr { | ||
483 | + unsigned int digestLen; | ||
484 | + pkcs1Prefix prefixWithParams; | ||
485 | + pkcs1Prefix prefixWithoutParams; | ||
486 | +}; | ||
487 | + | ||
488 | +/* The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on | ||
489 | + * the possible prefix encodings as explained below. | ||
490 | + */ | ||
491 | +#define MAX_PREFIX_LEN_EXCLUDING_OID 10 | ||
492 | + | ||
493 | +static SECStatus | ||
494 | +encodePrefix(const SECOidData *hashOid, unsigned int digestLen, | ||
495 | + pkcs1Prefix *prefix, PRBool withParams) | ||
496 | +{ | ||
497 | + /* with params coding is: | ||
498 | + * Sequence (2 bytes) { | ||
499 | + * Sequence (2 bytes) { | ||
500 | + * Oid (2 bytes) { | ||
501 | + * Oid value (derOid->oid.len) | ||
502 | + * } | ||
503 | + * NULL (2 bytes) | ||
504 | + * } | ||
505 | + * OCTECT (2 bytes); | ||
506 | + * | ||
507 | + * without params coding is: | ||
508 | + * Sequence (2 bytes) { | ||
509 | + * Sequence (2 bytes) { | ||
510 | + * Oid (2 bytes) { | ||
511 | + * Oid value (derOid->oid.len) | ||
512 | + * } | ||
513 | + * } | ||
514 | + * OCTECT (2 bytes); | ||
515 | + */ | ||
516 | + | ||
517 | + unsigned int innerSeqLen = 2 + hashOid->oid.len; | ||
518 | + unsigned int outerSeqLen = 2 + innerSeqLen + 2 + digestLen; | ||
519 | + unsigned int extra = 0; | ||
520 | + | ||
521 | + if (withParams) { | ||
522 | + innerSeqLen += 2; | ||
523 | + outerSeqLen += 2; | ||
524 | + extra = 2; | ||
525 | + } | ||
526 | + | ||
527 | + if (innerSeqLen >= 128 || | ||
528 | + outerSeqLen >= 128 || | ||
529 | + (outerSeqLen + 2 - digestLen) > | ||
530 | + (MAX_PREFIX_LEN_EXCLUDING_OID + hashOid->oid.len)) { | ||
531 | + /* this is actually a library failure, It shouldn't happen */ | ||
532 | + PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
533 | + return SECFailure; | ||
534 | + } | ||
535 | + | ||
536 | + prefix->len = 6 + hashOid->oid.len + extra + 2; | ||
537 | + prefix->data = PORT_Alloc(prefix->len); | ||
538 | + if (!prefix->data) { | ||
539 | + PORT_SetError(SEC_ERROR_NO_MEMORY); | ||
540 | + return SECFailure; | ||
541 | + } | ||
542 | + | ||
543 | + prefix->data[0] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED; | ||
544 | + prefix->data[1] = outerSeqLen; | ||
545 | + prefix->data[2] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED; | ||
546 | + prefix->data[3] = innerSeqLen; | ||
547 | + prefix->data[4] = SEC_ASN1_OBJECT_ID; | ||
548 | + prefix->data[5] = hashOid->oid.len; | ||
549 | + PORT_Memcpy(&prefix->data[6], hashOid->oid.data, hashOid->oid.len); | ||
550 | + if (withParams) { | ||
551 | + prefix->data[6 + hashOid->oid.len] = SEC_ASN1_NULL; | ||
552 | + prefix->data[6 + hashOid->oid.len + 1] = 0; | ||
553 | + } | ||
554 | + prefix->data[6 + hashOid->oid.len + extra] = SEC_ASN1_OCTET_STRING; | ||
555 | + prefix->data[6 + hashOid->oid.len + extra + 1] = digestLen; | ||
556 | + | ||
557 | + return SECSuccess; | ||
558 | +} | ||
559 | + | ||
560 | +SECStatus | ||
561 | +_SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg, | ||
562 | + const SECItem* digest, | ||
563 | + const SECItem* dataRecoveredFromSignature, | ||
564 | + PRBool unsafeAllowMissingParameters) | ||
565 | +{ | ||
566 | + SECOidData *hashOid; | ||
567 | + pkcs1Prefixes pp; | ||
568 | + const pkcs1Prefix* expectedPrefix; | ||
569 | + SECStatus rv, rv2, rv3; | ||
570 | + | ||
571 | + if (!digest || !digest->data || | ||
572 | + !dataRecoveredFromSignature || !dataRecoveredFromSignature->data) { | ||
573 | + PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
574 | + return SECFailure; | ||
575 | + } | ||
576 | + | ||
577 | + hashOid = SECOID_FindOIDByTag(digestAlg); | ||
578 | + if (hashOid == NULL) { | ||
579 | + PORT_SetError(SEC_ERROR_INVALID_ARGS); | ||
580 | + return SECFailure; | ||
581 | + } | ||
582 | + | ||
583 | + pp.digestLen = digest->len; | ||
584 | + pp.prefixWithParams.data = NULL; | ||
585 | + pp.prefixWithoutParams.data = NULL; | ||
586 | + | ||
587 | + rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE); | ||
588 | + rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE); | ||
589 | + | ||
590 | + rv = SECSuccess; | ||
591 | + if (rv2 != SECSuccess || rv3 != SECSuccess) { | ||
592 | + rv = SECFailure; | ||
593 | + } | ||
594 | + | ||
595 | + if (rv == SECSuccess) { | ||
596 | + /* We don't attempt to avoid timing attacks on these comparisons because | ||
597 | + * signature verification is a public key operation, not a private key | ||
598 | + * operation. | ||
599 | + */ | ||
600 | + | ||
601 | + if (dataRecoveredFromSignature->len == | ||
602 | + pp.prefixWithParams.len + pp.digestLen) { | ||
603 | + expectedPrefix = &pp.prefixWithParams; | ||
604 | + } else if (unsafeAllowMissingParameters && | ||
605 | + dataRecoveredFromSignature->len == | ||
606 | + pp.prefixWithoutParams.len + pp.digestLen) { | ||
607 | + expectedPrefix = &pp.prefixWithoutParams; | ||
608 | + } else { | ||
609 | + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
610 | + rv = SECFailure; | ||
611 | + } | ||
612 | + } | ||
613 | + | ||
614 | + if (rv == SECSuccess) { | ||
615 | + if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data, | ||
616 | + expectedPrefix->len) || | ||
617 | + memcmp(dataRecoveredFromSignature->data + expectedPrefix->len, | ||
618 | + digest->data, digest->len)) { | ||
619 | + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); | ||
620 | + rv = SECFailure; | ||
621 | + } | ||
622 | + } | ||
623 | + | ||
624 | + if (pp.prefixWithParams.data) { | ||
625 | + PORT_Free(pp.prefixWithParams.data); | ||
626 | + } | ||
627 | + if (pp.prefixWithoutParams.data) { | ||
628 | + PORT_Free(pp.prefixWithoutParams.data); | ||
629 | + } | ||
630 | + | ||
631 | + return rv; | ||
632 | +} | ||
633 | diff --git a/nss/lib/util/pkcs1sig.h b/nss/lib/util/pkcs1sig.h | ||
634 | new file mode 100644 | ||
635 | index 0000000..7c52b15 | ||
636 | --- /dev/null | ||
637 | +++ b/nss/lib/util/pkcs1sig.h | ||
638 | @@ -0,0 +1,30 @@ | ||
639 | +/* This Source Code Form is subject to the terms of the Mozilla Public | ||
640 | + * License, v. 2.0. If a copy of the MPL was not distributed with this | ||
641 | + * file, You can obtain one at http://mozilla.org/MPL/2.0/. | ||
642 | + */ | ||
643 | + | ||
644 | +#ifndef _PKCS1SIG_H_ | ||
645 | +#define _PKCS1SIG_H_ | ||
646 | + | ||
647 | +#include "hasht.h" | ||
648 | +#include "seccomon.h" | ||
649 | +#include "secoidt.h" | ||
650 | + | ||
651 | +/* SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct | ||
652 | + * for the given algorithm, then verifies that the recovered data from the | ||
653 | + * PKCS#1 signature is a properly-formatted DigestInfo that identifies the | ||
654 | + * given digest algorithm, then verifies that the digest in the DigestInfo | ||
655 | + * matches the given digest. | ||
656 | + * | ||
657 | + * dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover | ||
658 | + * or equivalent. | ||
659 | + * | ||
660 | + * If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo | ||
661 | + * without the mandatory ASN.1 NULL parameter will also be accepted. | ||
662 | + */ | ||
663 | +SECStatus _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg, | ||
664 | + const SECItem* digest, | ||
665 | + const SECItem* dataRecoveredFromSignature, | ||
666 | + PRBool unsafeAllowMissingParameters); | ||
667 | + | ||
668 | +#endif /* _PKCS1SIG_H_ */ | ||
669 | -- | ||
670 | 1.7.9.5 | ||
diff --git a/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch b/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch new file mode 100644 index 0000000000..547594d5b6 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch | |||
@@ -0,0 +1,110 @@ | |||
1 | nss: fix incorrect shebang of perl | ||
2 | |||
3 | Replace incorrect shebang of perl with `#!/usr/bin/env perl'. | ||
4 | |||
5 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
6 | Upstream-Status: Pending | ||
7 | --- | ||
8 | nss/cmd/smimetools/smime | 2 +- | ||
9 | nss/coreconf/cpdist.pl | 2 +- | ||
10 | nss/coreconf/import.pl | 2 +- | ||
11 | nss/coreconf/jniregen.pl | 2 +- | ||
12 | nss/coreconf/outofdate.pl | 2 +- | ||
13 | nss/coreconf/release.pl | 2 +- | ||
14 | nss/coreconf/version.pl | 2 +- | ||
15 | nss/tests/clean_tbx | 2 +- | ||
16 | nss/tests/path_uniq | 2 +- | ||
17 | 9 files changed, 9 insertions(+), 9 deletions(-) | ||
18 | |||
19 | diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime | ||
20 | --- a/nss/cmd/smimetools/smime | ||
21 | +++ b/nss/cmd/smimetools/smime | ||
22 | @@ -1,4 +1,4 @@ | ||
23 | -#!/usr/local/bin/perl | ||
24 | +#!/usr/bin/env perl | ||
25 | |||
26 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
27 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
28 | diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl | ||
29 | index 800edfb..652187f 100755 | ||
30 | --- a/nss/coreconf/cpdist.pl | ||
31 | +++ b/nss/coreconf/cpdist.pl | ||
32 | @@ -1,4 +1,4 @@ | ||
33 | -#! /usr/local/bin/perl | ||
34 | +#!/usr/bin/env perl | ||
35 | # | ||
36 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
37 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
38 | diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl | ||
39 | index dd2d177..428eaa5 100755 | ||
40 | --- a/nss/coreconf/import.pl | ||
41 | +++ b/nss/coreconf/import.pl | ||
42 | @@ -1,4 +1,4 @@ | ||
43 | -#! /usr/local/bin/perl | ||
44 | +#!/usr/bin/env perl | ||
45 | # | ||
46 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
47 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
48 | diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl | ||
49 | index 2039180..5f4f69c 100755 | ||
50 | --- a/nss/coreconf/jniregen.pl | ||
51 | +++ b/nss/coreconf/jniregen.pl | ||
52 | @@ -1,4 +1,4 @@ | ||
53 | -#!/usr/local/bin/perl | ||
54 | +#!/usr/bin/env perl | ||
55 | # | ||
56 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
57 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
58 | diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl | ||
59 | index 33d80bb..01fc097 100755 | ||
60 | --- a/nss/coreconf/outofdate.pl | ||
61 | +++ b/nss/coreconf/outofdate.pl | ||
62 | @@ -1,4 +1,4 @@ | ||
63 | -#!/usr/local/bin/perl | ||
64 | +#!/usr/bin/env perl | ||
65 | # | ||
66 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
67 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
68 | diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl | ||
69 | index 7cde19d..b5df2f6 100755 | ||
70 | --- a/nss/coreconf/release.pl | ||
71 | +++ b/nss/coreconf/release.pl | ||
72 | @@ -1,4 +1,4 @@ | ||
73 | -#! /usr/local/bin/perl | ||
74 | +#!/usr/bin/env perl | ||
75 | # | ||
76 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
77 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
78 | diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl | ||
79 | index d2a4942..79359fe 100644 | ||
80 | --- a/nss/coreconf/version.pl | ||
81 | +++ b/nss/coreconf/version.pl | ||
82 | @@ -1,4 +1,4 @@ | ||
83 | -#!/usr/sbin/perl | ||
84 | +#!/usr/bin/env perl | ||
85 | # | ||
86 | # This Source Code Form is subject to the terms of the Mozilla Public | ||
87 | # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
88 | diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx | ||
89 | index 4de9555..a7def9f 100755 | ||
90 | --- a/nss/tests/clean_tbx | ||
91 | +++ b/nss/tests/clean_tbx | ||
92 | @@ -1,4 +1,4 @@ | ||
93 | -#! /bin/perl | ||
94 | +#!/usr/bin/env perl | ||
95 | |||
96 | ####################################################################### | ||
97 | # | ||
98 | diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq | ||
99 | index f29f60a..08fbffa 100755 | ||
100 | --- a/nss/tests/path_uniq | ||
101 | +++ b/nss/tests/path_uniq | ||
102 | @@ -1,4 +1,4 @@ | ||
103 | -#! /bin/perl | ||
104 | +#!/usr/bin/env perl | ||
105 | |||
106 | ######################################################################## | ||
107 | # | ||
108 | -- | ||
109 | 1.8.1.2 | ||
110 | |||
diff --git a/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch b/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch new file mode 100644 index 0000000000..f0b3550bff --- /dev/null +++ b/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | nss: fix support cross compiling | ||
2 | |||
3 | Let some make variables be assigned from outside makefile. | ||
4 | |||
5 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
6 | Upstream-Status: Inappropriate [configuration] | ||
7 | --- | ||
8 | nss/coreconf/Linux.mk | 12 +++++++++++- | ||
9 | nss/coreconf/arch.mk | 2 +- | ||
10 | nss/lib/freebl/Makefile | 6 ++++++ | ||
11 | 3 files changed, 18 insertions(+), 2 deletions(-) | ||
12 | |||
13 | diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk | ||
14 | --- a/nss/coreconf/Linux.mk | ||
15 | +++ b/nss/coreconf/Linux.mk | ||
16 | @@ -16,11 +16,21 @@ ifeq ($(USE_PTHREADS),1) | ||
17 | IMPL_STRATEGY = _PTH | ||
18 | endif | ||
19 | |||
20 | +ifndef CC | ||
21 | CC = gcc | ||
22 | +endif | ||
23 | + | ||
24 | +ifdef CXX | ||
25 | +CCC = $(CXX) | ||
26 | +else | ||
27 | CCC = g++ | ||
28 | +endif | ||
29 | + | ||
30 | +ifndef RANLIB | ||
31 | RANLIB = ranlib | ||
32 | +endif | ||
33 | |||
34 | -DEFAULT_COMPILER = gcc | ||
35 | +DEFAULT_COMPILER = $(CC) | ||
36 | |||
37 | ifeq ($(OS_TARGET),Android) | ||
38 | ifndef ANDROID_NDK | ||
39 | diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk | ||
40 | index 6557348..b722412 100644 | ||
41 | --- a/nss/coreconf/arch.mk | ||
42 | +++ b/nss/coreconf/arch.mk | ||
43 | @@ -37,7 +37,7 @@ OS_TEST := $(shell uname -m) | ||
44 | ifeq ($(OS_TEST),i86pc) | ||
45 | OS_RELEASE := $(shell uname -r)_$(OS_TEST) | ||
46 | else | ||
47 | - OS_RELEASE := $(shell uname -r) | ||
48 | + OS_RELEASE ?= $(shell uname -r) | ||
49 | endif | ||
50 | |||
51 | # | ||
52 | diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile | ||
53 | index 0d293f1..678f506 100644 | ||
54 | --- a/nss/lib/freebl/Makefile | ||
55 | +++ b/nss/lib/freebl/Makefile | ||
56 | @@ -36,6 +36,12 @@ ifdef USE_64 | ||
57 | DEFINES += -DNSS_USE_64 | ||
58 | endif | ||
59 | |||
60 | +ifeq ($(OS_TEST),mips) | ||
61 | +ifndef USE_64 | ||
62 | + DEFINES += -DNS_PTR_LE_32 | ||
63 | +endif | ||
64 | +endif | ||
65 | + | ||
66 | ifdef USE_ABI32_FPU | ||
67 | DEFINES += -DNSS_USE_ABI32_FPU | ||
68 | endif | ||
69 | -- | ||
70 | 1.8.1.2 | ||
71 | |||
diff --git a/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch b/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch new file mode 100644 index 0000000000..7661dc93a0 --- /dev/null +++ b/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | nss:no rpath for cross compiling | ||
2 | |||
3 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
4 | Upstream-Status: Inappropriate [configuration] | ||
5 | --- | ||
6 | nss/cmd/platlibs.mk | 4 ++-- | ||
7 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
8 | |||
9 | diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk | ||
10 | --- a/nss/cmd/platlibs.mk | ||
11 | +++ b/nss/cmd/platlibs.mk | ||
12 | @@ -18,9 +18,9 @@ endif | ||
13 | |||
14 | ifeq ($(OS_ARCH), Linux) | ||
15 | ifeq ($(USE_64), 1) | ||
16 | -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' | ||
17 | +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' | ||
18 | else | ||
19 | -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' | ||
20 | +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' | ||
21 | endif | ||
22 | endif | ||
23 | |||
24 | -- | ||
25 | 1.8.1.2 | ||
26 | |||
diff --git a/meta/recipes-support/nss/files/nss.pc.in b/meta/recipes-support/nss/files/nss.pc.in new file mode 100644 index 0000000000..200f635c65 --- /dev/null +++ b/meta/recipes-support/nss/files/nss.pc.in | |||
@@ -0,0 +1,11 @@ | |||
1 | prefix=OEPREFIX | ||
2 | exec_prefix=OEEXECPREFIX | ||
3 | libdir=OELIBDIR | ||
4 | includedir=OEINCDIR | ||
5 | |||
6 | Name: NSS | ||
7 | Description: Network Security Services | ||
8 | Version: %NSS_VERSION% | ||
9 | Requires: nspr >= %NSPR_VERSION% | ||
10 | Libs: -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3 | ||
11 | Cflags: -IOEINCDIR | ||
diff --git a/meta/recipes-support/nss/files/signlibs.sh b/meta/recipes-support/nss/files/signlibs.sh new file mode 100644 index 0000000000..1ec79f4576 --- /dev/null +++ b/meta/recipes-support/nss/files/signlibs.sh | |||
@@ -0,0 +1,20 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | # signlibs.sh | ||
4 | # | ||
5 | # (c)2010 Wind River Systems, Inc. | ||
6 | # | ||
7 | # regenerates the .chk files for the NSS libraries that require it | ||
8 | # since the ones that are built have incorrect checksums that were | ||
9 | # calculated on the host where they really need to be done on the | ||
10 | # target | ||
11 | |||
12 | CHK_FILES=`find /lib* /usr/lib* -name "*.chk"` | ||
13 | SIGN_BINARY=`which shlibsign` | ||
14 | for I in $CHK_FILES | ||
15 | do | ||
16 | DN=`dirname $I` | ||
17 | BN=`basename $I .chk` | ||
18 | FN=$DN/$BN.so | ||
19 | $SIGN_BINARY -i $FN | ||
20 | done | ||
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc new file mode 100644 index 0000000000..008bdad5c7 --- /dev/null +++ b/meta/recipes-support/nss/nss.inc | |||
@@ -0,0 +1,215 @@ | |||
1 | SUMMARY = "Mozilla's SSL and TLS implementation" | ||
2 | DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ | ||
3 | designed to support cross-platform development of \ | ||
4 | security-enabled client and server applications. \ | ||
5 | Applications built with NSS can support SSL v2 and v3, \ | ||
6 | TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ | ||
7 | v3 certificates, and other security standards." | ||
8 | HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" | ||
9 | SECTION = "libs" | ||
10 | |||
11 | LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" | ||
12 | |||
13 | LIC_FILES_CHKSUM = "file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ | ||
14 | file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=6bf96825e3d7ce4de25621ae886cc859" | ||
15 | SRC_URI = "\ | ||
16 | file://nss-fix-support-cross-compiling.patch \ | ||
17 | file://nss-no-rpath-for-cross-compiling.patch \ | ||
18 | file://nss-fix-incorrect-shebang-of-perl.patch \ | ||
19 | file://nss-3.15.1-fix-CVE-2013-1741.patch \ | ||
20 | file://nss-3.15.1-fix-CVE-2013-5605.patch \ | ||
21 | file://nss-CVE-2014-1492.patch \ | ||
22 | file://nss-CVE-2013-1740.patch \ | ||
23 | file://nss-3.15.1-fix-CVE-2013-1739.patch \ | ||
24 | file://nss-CVE-2013-5606.patch \ | ||
25 | file://nss-CVE-2014-1544.patch \ | ||
26 | file://nss-CVE-2014-1568.patch \ | ||
27 | " | ||
28 | SRC_URI_append = "\ | ||
29 | file://nss.pc.in \ | ||
30 | file://signlibs.sh \ | ||
31 | " | ||
32 | inherit siteinfo | ||
33 | PR = "r0" | ||
34 | DEPENDS = "sqlite3 nspr zlib nss-native" | ||
35 | DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" | ||
36 | RDEPENDS_${PN} = "perl" | ||
37 | |||
38 | TD = "${S}/tentative-dist" | ||
39 | TDS = "${S}/tentative-dist-staging" | ||
40 | |||
41 | TARGET_CC_ARCH += "${LDFLAGS}" | ||
42 | |||
43 | do_compile_prepend_class-native() { | ||
44 | export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} | ||
45 | export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} | ||
46 | } | ||
47 | |||
48 | do_compile_prepend_class-nativesdk() { | ||
49 | export LDFLAGS="" | ||
50 | } | ||
51 | |||
52 | do_compile() { | ||
53 | export CROSS_COMPILE=1 | ||
54 | export NATIVE_CC="gcc" | ||
55 | export BUILD_OPT=1 | ||
56 | |||
57 | export FREEBL_NO_DEPEND=1 | ||
58 | export FREEBL_LOWHASH=1 | ||
59 | |||
60 | export LIBDIR=${libdir} | ||
61 | export MOZILLA_CLIENT=1 | ||
62 | export NS_USE_GCC=1 | ||
63 | export NSS_USE_SYSTEM_SQLITE=1 | ||
64 | export NSS_ENABLE_ECC=1 | ||
65 | |||
66 | export OS_RELEASE=3.4 | ||
67 | export OS_TARGET=Linux | ||
68 | export OS_ARCH=Linux | ||
69 | |||
70 | if [ "${TARGET_ARCH}" = "powerpc" ]; then | ||
71 | OS_TEST=ppc | ||
72 | elif [ "${TARGET_ARCH}" = "powerpc64" ]; then | ||
73 | OS_TEST=ppc64 | ||
74 | elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then | ||
75 | OS_TEST=mips | ||
76 | else | ||
77 | OS_TEST="${TARGET_ARCH}" | ||
78 | fi | ||
79 | |||
80 | if [ "${SITEINFO_BITS}" = "64" ]; then | ||
81 | export USE_64=1 | ||
82 | fi | ||
83 | |||
84 | make -C ./nss CCC="${CXX}" \ | ||
85 | OS_TEST=${OS_TEST} \ | ||
86 | } | ||
87 | |||
88 | |||
89 | do_install_prepend_class-nativesdk() { | ||
90 | export LDFLAGS="" | ||
91 | } | ||
92 | |||
93 | do_install() { | ||
94 | export CROSS_COMPILE=1 | ||
95 | export NATIVE_CC="gcc" | ||
96 | export BUILD_OPT=1 | ||
97 | |||
98 | export FREEBL_NO_DEPEND=1 | ||
99 | |||
100 | export LIBDIR=${libdir} | ||
101 | export MOZILLA_CLIENT=1 | ||
102 | export NS_USE_GCC=1 | ||
103 | export NSS_USE_SYSTEM_SQLITE=1 | ||
104 | export NSS_ENABLE_ECC=1 | ||
105 | |||
106 | export OS_RELEASE=3.4 | ||
107 | export OS_TARGET=Linux | ||
108 | export OS_ARCH=Linux | ||
109 | |||
110 | if [ "${TARGET_ARCH}" = "powerpc" ]; then | ||
111 | OS_TEST=ppc | ||
112 | elif [ "${TARGET_ARCH}" = "powerpc64" ]; then | ||
113 | OS_TEST=ppc64 | ||
114 | elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then | ||
115 | OS_TEST=mips | ||
116 | else | ||
117 | OS_TEST="${TARGET_ARCH}" | ||
118 | fi | ||
119 | if [ "${SITEINFO_BITS}" = "64" ]; then | ||
120 | export USE_64=1 | ||
121 | fi | ||
122 | |||
123 | make -C ./nss \ | ||
124 | CCC="${CXX}" \ | ||
125 | OS_TEST=${OS_TEST} \ | ||
126 | SOURCE_LIB_DIR="${TD}/${libdir}" \ | ||
127 | SOURCE_BIN_DIR="${TD}/${bindir}" \ | ||
128 | install | ||
129 | |||
130 | install -d ${D}/${libdir}/ | ||
131 | for file in ${S}/dist/*.OBJ/lib/*.so; do | ||
132 | echo "Installing `basename $file`..." | ||
133 | cp $file ${D}/${libdir}/ | ||
134 | done | ||
135 | |||
136 | for shared_lib in ${TD}/${libdir}/*.so.*; do | ||
137 | if [ -f $shared_lib ]; then | ||
138 | cp $shared_lib ${D}/${libdir} | ||
139 | ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) | ||
140 | fi | ||
141 | done | ||
142 | for shared_lib in ${TD}/${libdir}/*.so; do | ||
143 | if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then | ||
144 | cp $shared_lib ${D}/${libdir} | ||
145 | fi | ||
146 | done | ||
147 | |||
148 | install -d ${D}/${includedir}/nss3 | ||
149 | install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* | ||
150 | |||
151 | install -d ${D}/${bindir} | ||
152 | for binary in ${TD}/${bindir}/*; do | ||
153 | install -m 755 -t ${D}/${bindir} $binary | ||
154 | done | ||
155 | } | ||
156 | |||
157 | do_install_append() { | ||
158 | # Create empty .chk files for the NSS libraries at build time. They could | ||
159 | # be regenerated at target's boot time. | ||
160 | for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do | ||
161 | touch ${D}/${libdir}/$file | ||
162 | chmod 755 ${D}/${libdir}/$file | ||
163 | done | ||
164 | install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh | ||
165 | |||
166 | install -d ${D}${libdir}/pkgconfig/ | ||
167 | sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc | ||
168 | sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc | ||
169 | sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc | ||
170 | sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc | ||
171 | sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc | ||
172 | } | ||
173 | |||
174 | do_install_append_class-target() { | ||
175 | # Create a blank certificate | ||
176 | mkdir -p ${D}${sysconfdir}/pki/nssdb/ | ||
177 | touch ./empty_password | ||
178 | certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password | ||
179 | chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db | ||
180 | rm ./empty_password | ||
181 | } | ||
182 | |||
183 | pkg_postinst_${PN} () { | ||
184 | if [ -n "$D" ]; then | ||
185 | for I in $D/${libdir}/lib*.chk; do | ||
186 | DN=`dirname $I` | ||
187 | BN=`basename $I .chk` | ||
188 | FN=$DN/$BN.so | ||
189 | shlibsign -i $FN | ||
190 | if [ $? -ne 0 ]; then | ||
191 | exit 1 | ||
192 | fi | ||
193 | done | ||
194 | exit 0 | ||
195 | fi | ||
196 | signlibs.sh | ||
197 | } | ||
198 | |||
199 | FILES_${PN} = "\ | ||
200 | ${sysconfdir} \ | ||
201 | ${bindir} \ | ||
202 | ${libdir}/lib*.chk \ | ||
203 | ${libdir}/lib*.so \ | ||
204 | " | ||
205 | FILES_${PN}-dev = "\ | ||
206 | ${libdir}/nss \ | ||
207 | ${libdir}/pkgconfig/* \ | ||
208 | ${includedir}/* \ | ||
209 | " | ||
210 | FILES_${PN}-dbg = "\ | ||
211 | ${bindir}/.debug/* \ | ||
212 | ${libdir}/.debug/* \ | ||
213 | " | ||
214 | |||
215 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-support/nss/nss_3.15.1.bb b/meta/recipes-support/nss/nss_3.15.1.bb new file mode 100644 index 0000000000..7b06f00cde --- /dev/null +++ b/meta/recipes-support/nss/nss_3.15.1.bb | |||
@@ -0,0 +1,9 @@ | |||
1 | require nss.inc | ||
2 | |||
3 | SRC_URI += "\ | ||
4 | http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/${BPN}-${PV}.tar.gz \ | ||
5 | " | ||
6 | |||
7 | SRC_URI[md5sum] = "fb68f4d210ac9397dd0d3c39c4f938eb" | ||
8 | SRC_URI[sha256sum] = "f994106a33d1f3210f4151bbb3419a1c28fd1cb545caa7dc9afdebd6da626284" | ||
9 | |||