nss: fix CVE-2021-43527

Backport patch to fix CVE-2021-43527. Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Sakib Sajal <sakib.sajal@windriver.com> 2021-12-16 18:13:45 -0500
committer: Armin Kuster <akuster808@gmail.com> 2021-12-27 14:44:57 -0800
commit: 475ff6954c7c78ea0b2bf6741c46973b1756d3c1 (patch)
tree: 6ac48ab8d8dd261a3c00014e956a4890f02572a8 /meta-oe
parent: 944966b53b385495ab6fc020ad3fcc02cbafe211 (diff)
download: meta-openembedded-475ff6954c7c78ea0b2bf6741c46973b1756d3c1.tar.gz
2 files changed, 298 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch
new file mode 100644
index 0000000000..dff07de92f
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch
@@ -0,0 +1,297 @@
+From 7c6fb56c3bcafa96c0bc87350f0f9e85f002a254 Mon Sep 17 00:00:00 2001
+From: Dennis Jackson <djackson@mozilla.com>
+Date: Mon, 22 Nov 2021 10:40:42 +0000
+Subject: [PATCH] Bug 1737470 - Ensure DER encoded signatures are within size
+ limits. r=jschanck,mt,bbeurdouche,rrelyea
+Differential Revision: https://phabricator.services.mozilla.com/D129514
+--HG--
+branch : NSS_3_68_1_BRANCH
+Upstream-Status: Backport [7c6fb56c3bcafa96c0bc87350f0f9e85f002a254]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ lib/cryptohi/secvfy.c | 192 ++++++++++++++++++++++++++----------------
+ 1 file changed, 121 insertions(+), 71 deletions(-)
+diff --git a/nss/lib/cryptohi/secvfy.c b/nss/lib/cryptohi/secvfy.c
+index 2540a544c..17545848c 100644
+--- a/nss/lib/cryptohi/secvfy.c
+++ b/nss/lib/cryptohi/secvfy.c
+@@ -164,6 +164,37 @@ verifyPKCS1DigestInfo(const VFYContext *cx, const SECItem *digest)
+         PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+ 
+static unsigned int
+checkedSignatureLen(const SECKEYPublicKey *pubk)
+{
+    unsigned int sigLen = SECKEY_SignatureLen(pubk);
+    if (sigLen == 0) {
+        /* Error set by SECKEY_SignatureLen */
+        return sigLen;
+    }
+    unsigned int maxSigLen;
+    switch (pubk->keyType) {
+        case rsaKey:
+        case rsaPssKey:
+            maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
+            break;
+        case dsaKey:
+            maxSigLen = DSA_MAX_SIGNATURE_LEN;
+            break;
+        case ecKey:
+            maxSigLen = 2 * MAX_ECKEY_LEN;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+            return 0;
+    }
+    if (sigLen > maxSigLen) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return 0;
+    }
+    return sigLen;
+}
+
+ /*
+  * decode the ECDSA or DSA signature from it's DER wrapping.
+  * The unwrapped/raw signature is placed in the buffer pointed
+@@ -174,38 +205,38 @@ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
+                        unsigned int len)
+ {
+     SECItem *dsasig = NULL; /* also used for ECDSA */
+-    SECStatus rv = SECSuccess;
+ 
+-    if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+-        (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+-        if (sig->len != len) {
+-            PORT_SetError(SEC_ERROR_BAD_DER);
+-            return SECFailure;
+    /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
+    if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
+        if (len > DSA_MAX_SIGNATURE_LEN) {
+            goto loser;
+         }
+-
+-        PORT_Memcpy(dsig, sig->data, sig->len);
+-        return SECSuccess;
+-    }
+-
+-    if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+    } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+         if (len > MAX_ECKEY_LEN * 2) {
+-            PORT_SetError(SEC_ERROR_BAD_DER);
+-            return SECFailure;
+            goto loser;
+         }
+-    }
+-    dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+-    if ((dsasig == NULL) || (dsasig->len != len)) {
+-        rv = SECFailure;
+     } else {
+-        PORT_Memcpy(dsig, dsasig->data, dsasig->len);
+        goto loser;
+     }
+ 
+-    if (dsasig != NULL)
+    /* Decode and pad to length */
+    dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+    if (dsasig == NULL) {
+        goto loser;
+    }
+    if (dsasig->len != len) {
+         SECITEM_FreeItem(dsasig, PR_TRUE);
+-    if (rv == SECFailure)
+-        PORT_SetError(SEC_ERROR_BAD_DER);
+-    return rv;
+        goto loser;
+    }
+
+    PORT_Memcpy(dsig, dsasig->data, len);
+    SECITEM_FreeItem(dsasig, PR_TRUE);
+
+    return SECSuccess;
+
+loser:
+    PORT_SetError(SEC_ERROR_BAD_DER);
+    return SECFailure;
+ }
+ 
+ const SEC_ASN1Template hashParameterTemplate[] =
+@@ -281,7 +312,7 @@ SECStatus
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+                  const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg)
+ {
+-    int len;
+    unsigned int len;
+     PLArenaPool *arena;
+     SECStatus rv;
+     SECItem oid;
+@@ -466,48 +497,52 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
+     cx->pkcs1RSADigestInfo = NULL;
+     rv = SECSuccess;
+     if (sig) {
+-        switch (type) {
+-            case rsaKey:
+-                rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+-                                            &cx->pkcs1RSADigestInfo,
+-                                            &cx->pkcs1RSADigestInfoLen,
+-                                            cx->key,
+-                                            sig, wincx);
+-                break;
+-            case rsaPssKey:
+-                sigLen = SECKEY_SignatureLen(key);
+-                if (sigLen == 0) {
+-                    /* error set by SECKEY_SignatureLen */
+-                    rv = SECFailure;
+        rv = SECFailure;
+        if (type == rsaKey) {
+            rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+                                        &cx->pkcs1RSADigestInfo,
+                                        &cx->pkcs1RSADigestInfoLen,
+                                        cx->key,
+                                        sig, wincx);
+        } else {
+            sigLen = checkedSignatureLen(key);
+            /* Check signature length is within limits */
+            if (sigLen == 0) {
+                /* error set by checkedSignatureLen */
+                rv = SECFailure;
+                goto loser;
+            }
+            if (sigLen > sizeof(cx->u)) {
+                PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                rv = SECFailure;
+                goto loser;
+            }
+            switch (type) {
+                case rsaPssKey:
+                    if (sig->len != sigLen) {
+                        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                        rv = SECFailure;
+                        goto loser;
+                    }
+                    PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+                    rv = SECSuccess;
+                     break;
+-                }
+-                if (sig->len != sigLen) {
+-                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+-                    rv = SECFailure;
+                case ecKey:
+                case dsaKey:
+                    /* decodeECorDSASignature will check sigLen == sig->len after padding */
+                    rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+                     break;
+-                }
+-                PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+-                break;
+-            case dsaKey:
+-            case ecKey:
+-                sigLen = SECKEY_SignatureLen(key);
+-                if (sigLen == 0) {
+-                    /* error set by SECKEY_SignatureLen */
+                default:
+                    /* Unreachable */
+                     rv = SECFailure;
+-                    break;
+-                }
+-                rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+-                break;
+-            default:
+-                rv = SECFailure;
+-                PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+-                break;
+                    goto loser;
+            }
+        }
+        if (rv != SECSuccess) {
+            goto loser;
+         }
+     }
+ 
+-    if (rv)
+-        goto loser;
+-
+     /* check hash alg again, RSA may have changed it.*/
+     if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+         /* error set by HASH_GetHashTypeByOidTag */
+@@ -650,11 +685,16 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
+     switch (cx->key->keyType) {
+         case ecKey:
+         case dsaKey:
+-            dsasig.data = cx->u.buffer;
+-            dsasig.len = SECKEY_SignatureLen(cx->key);
+            dsasig.len = checkedSignatureLen(cx->key);
+             if (dsasig.len == 0) {
+                 return SECFailure;
+             }
+            if (dsasig.len > sizeof(cx->u)) {
+                PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                return SECFailure;
+            }
+            dsasig.data = cx->u.buffer;
+
+             if (sig) {
+                 rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+                                             dsasig.len);
+@@ -686,8 +726,13 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
+                 }
+ 
+                 rsasig.data = cx->u.buffer;
+-                rsasig.len = SECKEY_SignatureLen(cx->key);
+                rsasig.len = checkedSignatureLen(cx->key);
+                 if (rsasig.len == 0) {
+                    /* Error set by checkedSignatureLen */
+                    return SECFailure;
+                }
+                if (rsasig.len > sizeof(cx->u)) {
+                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                     return SECFailure;
+                 }
+                 if (sig) {
+@@ -749,7 +794,6 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+     SECStatus rv;
+     VFYContext *cx;
+     SECItem dsasig; /* also used for ECDSA */
+-
+     rv = SECFailure;
+ 
+     cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+@@ -757,19 +801,25 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+         switch (key->keyType) {
+             case rsaKey:
+                 rv = verifyPKCS1DigestInfo(cx, digest);
+                /* Error (if any) set by verifyPKCS1DigestInfo */
+                 break;
+-            case dsaKey:
+             case ecKey:
+            case dsaKey:
+                 dsasig.data = cx->u.buffer;
+-                dsasig.len = SECKEY_SignatureLen(cx->key);
+                dsasig.len = checkedSignatureLen(cx->key);
+                 if (dsasig.len == 0) {
+                    /* Error set by checkedSignatureLen */
+                    rv = SECFailure;
+                     break;
+                 }
+-                if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+-                    SECSuccess) {
+                if (dsasig.len > sizeof(cx->u)) {
+                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                    rv = SECFailure;
+                    break;
+                }
+                rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
+                if (rv != SECSuccess) {
+                     PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+-                } else {
+-                    rv = SECSuccess;
+                 }
+                 break;
+             default:
+-- 
+2.25.1
diff --git a/meta-oe/recipes-support/nss/nss_3.64.bb b/meta-oe/recipes-support/nss/nss_3.64.bb
index 97193aff5c..ccb5201d49 100644
--- a/meta-oe/recipes-support/nss/nss_3.64.bb
+++ b/meta-oe/recipes-support/nss/nss_3.64.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
           file://system-pkcs11.txt \
           file://nss-fix-nsinstall-build.patch \
           file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
+           file://0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch \
           "
 SRC_URI[sha256sum] = "d3175427172e9c3a6f1ebc74452cb791590f28191c6a1a443dbc0d87c9df1126"
author	Sakib Sajal <sakib.sajal@windriver.com>	2021-12-16 18:13:45 -0500
committer	Armin Kuster <akuster808@gmail.com>	2021-12-27 14:44:57 -0800
commit	475ff6954c7c78ea0b2bf6741c46973b1756d3c1 (patch)
tree	6ac48ab8d8dd261a3c00014e956a4890f02572a8 /meta-oe
parent	944966b53b385495ab6fc020ad3fcc02cbafe211 (diff)
download	meta-openembedded-475ff6954c7c78ea0b2bf6741c46973b1756d3c1.tar.gz

diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch new file mode 100644 index 0000000000..dff07de92f --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch
@@ -0,0 +1,297 @@
		1	From 7c6fb56c3bcafa96c0bc87350f0f9e85f002a254 Mon Sep 17 00:00:00 2001
		2	From: Dennis Jackson <djackson@mozilla.com>
		3	Date: Mon, 22 Nov 2021 10:40:42 +0000
		4	Subject: [PATCH] Bug 1737470 - Ensure DER encoded signatures are within size
		5	limits. r=jschanck,mt,bbeurdouche,rrelyea
		6
		7	Differential Revision: https://phabricator.services.mozilla.com/D129514
		8
		9	--HG--
		10	branch : NSS_3_68_1_BRANCH
		11
		12	Upstream-Status: Backport [7c6fb56c3bcafa96c0bc87350f0f9e85f002a254]
		13	Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
		14	---
		15	lib/cryptohi/secvfy.c \| 192 ++++++++++++++++++++++++++----------------
		16	1 file changed, 121 insertions(+), 71 deletions(-)
		17
		18	diff --git a/nss/lib/cryptohi/secvfy.c b/nss/lib/cryptohi/secvfy.c
		19	index 2540a544c..17545848c 100644
		20	--- a/nss/lib/cryptohi/secvfy.c
		21	+++ b/nss/lib/cryptohi/secvfy.c
		22	@@ -164,6 +164,37 @@ verifyPKCS1DigestInfo(const VFYContext cx, const SECItem digest)
		23	PR_FALSE /XXX: unsafeAllowMissingParameters/);
		24	}
		25
		26	+static unsigned int
		27	+checkedSignatureLen(const SECKEYPublicKey *pubk)
		28	+{
		29	+ unsigned int sigLen = SECKEY_SignatureLen(pubk);
		30	+ if (sigLen == 0) {
		31	+ /* Error set by SECKEY_SignatureLen */
		32	+ return sigLen;
		33	+ }
		34	+ unsigned int maxSigLen;
		35	+ switch (pubk->keyType) {
		36	+ case rsaKey:
		37	+ case rsaPssKey:
		38	+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
		39	+ break;
		40	+ case dsaKey:
		41	+ maxSigLen = DSA_MAX_SIGNATURE_LEN;
		42	+ break;
		43	+ case ecKey:
		44	+ maxSigLen = 2 * MAX_ECKEY_LEN;
		45	+ break;
		46	+ default:
		47	+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
		48	+ return 0;
		49	+ }
		50	+ if (sigLen > maxSigLen) {
		51	+ PORT_SetError(SEC_ERROR_INVALID_KEY);
		52	+ return 0;
		53	+ }
		54	+ return sigLen;
		55	+}
		56	+
		57	/*
		58	* decode the ECDSA or DSA signature from it's DER wrapping.
		59	* The unwrapped/raw signature is placed in the buffer pointed
		60	@@ -174,38 +205,38 @@ decodeECorDSASignature(SECOidTag algid, const SECItem sig, unsigned char dsig,
		61	unsigned int len)
		62	{
		63	SECItem dsasig = NULL; / also used for ECDSA */
		64	- SECStatus rv = SECSuccess;
		65
		66	- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
		67	- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
		68	- if (sig->len != len) {
		69	- PORT_SetError(SEC_ERROR_BAD_DER);
		70	- return SECFailure;
		71	+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
		72	+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
		73	+ if (len > DSA_MAX_SIGNATURE_LEN) {
		74	+ goto loser;
		75	}
		76	-
		77	- PORT_Memcpy(dsig, sig->data, sig->len);
		78	- return SECSuccess;
		79	- }
		80	-
		81	- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
		82	+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
		83	if (len > MAX_ECKEY_LEN * 2) {
		84	- PORT_SetError(SEC_ERROR_BAD_DER);
		85	- return SECFailure;
		86	+ goto loser;
		87	}
		88	- }
		89	- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
		90	-
		91	- if ((dsasig == NULL) \|\| (dsasig->len != len)) {
		92	- rv = SECFailure;
		93	} else {
		94	- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
		95	+ goto loser;
		96	}
		97
		98	- if (dsasig != NULL)
		99	+ /* Decode and pad to length */
		100	+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
		101	+ if (dsasig == NULL) {
		102	+ goto loser;
		103	+ }
		104	+ if (dsasig->len != len) {
		105	SECITEM_FreeItem(dsasig, PR_TRUE);
		106	- if (rv == SECFailure)
		107	- PORT_SetError(SEC_ERROR_BAD_DER);
		108	- return rv;
		109	+ goto loser;
		110	+ }
		111	+
		112	+ PORT_Memcpy(dsig, dsasig->data, len);
		113	+ SECITEM_FreeItem(dsasig, PR_TRUE);
		114	+
		115	+ return SECSuccess;
		116	+
		117	+loser:
		118	+ PORT_SetError(SEC_ERROR_BAD_DER);
		119	+ return SECFailure;
		120	}
		121
		122	const SEC_ASN1Template hashParameterTemplate[] =
		123	@@ -281,7 +312,7 @@ SECStatus
		124	sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
		125	const SECItem param, SECOidTag encalgp, SECOidTag *hashalg)
		126	{
		127	- int len;
		128	+ unsigned int len;
		129	PLArenaPool *arena;
		130	SECStatus rv;
		131	SECItem oid;
		132	@@ -466,48 +497,52 @@ vfy_CreateContext(const SECKEYPublicKey key, const SECItem sig,
		133	cx->pkcs1RSADigestInfo = NULL;
		134	rv = SECSuccess;
		135	if (sig) {
		136	- switch (type) {
		137	- case rsaKey:
		138	- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
		139	- &cx->pkcs1RSADigestInfo,
		140	- &cx->pkcs1RSADigestInfoLen,
		141	- cx->key,
		142	- sig, wincx);
		143	- break;
		144	- case rsaPssKey:
		145	- sigLen = SECKEY_SignatureLen(key);
		146	- if (sigLen == 0) {
		147	- /* error set by SECKEY_SignatureLen */
		148	- rv = SECFailure;
		149	+ rv = SECFailure;
		150	+ if (type == rsaKey) {
		151	+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
		152	+ &cx->pkcs1RSADigestInfo,
		153	+ &cx->pkcs1RSADigestInfoLen,
		154	+ cx->key,
		155	+ sig, wincx);
		156	+ } else {
		157	+ sigLen = checkedSignatureLen(key);
		158	+ /* Check signature length is within limits */
		159	+ if (sigLen == 0) {
		160	+ /* error set by checkedSignatureLen */
		161	+ rv = SECFailure;
		162	+ goto loser;
		163	+ }
		164	+ if (sigLen > sizeof(cx->u)) {
		165	+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		166	+ rv = SECFailure;
		167	+ goto loser;
		168	+ }
		169	+ switch (type) {
		170	+ case rsaPssKey:
		171	+ if (sig->len != sigLen) {
		172	+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		173	+ rv = SECFailure;
		174	+ goto loser;
		175	+ }
		176	+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
		177	+ rv = SECSuccess;
		178	break;
		179	- }
		180	- if (sig->len != sigLen) {
		181	- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		182	- rv = SECFailure;
		183	+ case ecKey:
		184	+ case dsaKey:
		185	+ /* decodeECorDSASignature will check sigLen == sig->len after padding */
		186	+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
		187	break;
		188	- }
		189	- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
		190	- break;
		191	- case dsaKey:
		192	- case ecKey:
		193	- sigLen = SECKEY_SignatureLen(key);
		194	- if (sigLen == 0) {
		195	- /* error set by SECKEY_SignatureLen */
		196	+ default:
		197	+ /* Unreachable */
		198	rv = SECFailure;
		199	- break;
		200	- }
		201	- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
		202	- break;
		203	- default:
		204	- rv = SECFailure;
		205	- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
		206	- break;
		207	+ goto loser;
		208	+ }
		209	+ }
		210	+ if (rv != SECSuccess) {
		211	+ goto loser;
		212	}
		213	}
		214
		215	- if (rv)
		216	- goto loser;
		217	-
		218	/* check hash alg again, RSA may have changed it.*/
		219	if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
		220	/* error set by HASH_GetHashTypeByOidTag */
		221	@@ -650,11 +685,16 @@ VFY_EndWithSignature(VFYContext cx, SECItem sig)
		222	switch (cx->key->keyType) {
		223	case ecKey:
		224	case dsaKey:
		225	- dsasig.data = cx->u.buffer;
		226	- dsasig.len = SECKEY_SignatureLen(cx->key);
		227	+ dsasig.len = checkedSignatureLen(cx->key);
		228	if (dsasig.len == 0) {
		229	return SECFailure;
		230	}
		231	+ if (dsasig.len > sizeof(cx->u)) {
		232	+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		233	+ return SECFailure;
		234	+ }
		235	+ dsasig.data = cx->u.buffer;
		236	+
		237	if (sig) {
		238	rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
		239	dsasig.len);
		240	@@ -686,8 +726,13 @@ VFY_EndWithSignature(VFYContext cx, SECItem sig)
		241	}
		242
		243	rsasig.data = cx->u.buffer;
		244	- rsasig.len = SECKEY_SignatureLen(cx->key);
		245	+ rsasig.len = checkedSignatureLen(cx->key);
		246	if (rsasig.len == 0) {
		247	+ /* Error set by checkedSignatureLen */
		248	+ return SECFailure;
		249	+ }
		250	+ if (rsasig.len > sizeof(cx->u)) {
		251	+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		252	return SECFailure;
		253	}
		254	if (sig) {
		255	@@ -749,7 +794,6 @@ vfy_VerifyDigest(const SECItem digest, const SECKEYPublicKey key,
		256	SECStatus rv;
		257	VFYContext *cx;
		258	SECItem dsasig; /* also used for ECDSA */
		259	-
		260	rv = SECFailure;
		261
		262	cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
		263	@@ -757,19 +801,25 @@ vfy_VerifyDigest(const SECItem digest, const SECKEYPublicKey key,
		264	switch (key->keyType) {
		265	case rsaKey:
		266	rv = verifyPKCS1DigestInfo(cx, digest);
		267	+ /* Error (if any) set by verifyPKCS1DigestInfo */
		268	break;
		269	- case dsaKey:
		270	case ecKey:
		271	+ case dsaKey:
		272	dsasig.data = cx->u.buffer;
		273	- dsasig.len = SECKEY_SignatureLen(cx->key);
		274	+ dsasig.len = checkedSignatureLen(cx->key);
		275	if (dsasig.len == 0) {
		276	+ /* Error set by checkedSignatureLen */
		277	+ rv = SECFailure;
		278	break;
		279	}
		280	- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
		281	- SECSuccess) {
		282	+ if (dsasig.len > sizeof(cx->u)) {
		283	+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		284	+ rv = SECFailure;
		285	+ break;
		286	+ }
		287	+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
		288	+ if (rv != SECSuccess) {
		289	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
		290	- } else {
		291	- rv = SECSuccess;
		292	}
		293	break;
		294	default:
		295	--
		296	2.25.1
		297


diff --git a/meta-oe/recipes-support/nss/nss_3.64.bb b/meta-oe/recipes-support/nss/nss_3.64.bb index 97193aff5c..ccb5201d49 100644 --- a/meta-oe/recipes-support/nss/nss_3.64.bb +++ b/meta-oe/recipes-support/nss/nss_3.64.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
32	file://system-pkcs11.txt \	32	file://system-pkcs11.txt \
33	file://nss-fix-nsinstall-build.patch \	33	file://nss-fix-nsinstall-build.patch \
34	file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \	34	file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
		35	file://0001-Bug-1737470-Ensure-DER-encoded-signatures-are-within.patch \
35	"	36	"
36	SRC_URI[sha256sum] = "d3175427172e9c3a6f1ebc74452cb791590f28191c6a1a443dbc0d87c9df1126"	37	SRC_URI[sha256sum] = "d3175427172e9c3a6f1ebc74452cb791590f28191c6a1a443dbc0d87c9df1126"
37		38