b91ce5d4d5
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=457
63 lines
2.1 KiB
Diff
63 lines
2.1 KiB
Diff
# HG changeset patch
|
|
# User Hans Petter Jansson <hpj@cl.no>
|
|
# Date 1574234739 -3600
|
|
# Wed Nov 20 08:25:39 2019 +0100
|
|
# Node ID 5396ffb26887cc0cd42b9f12cc6c8e3dfdaf194b
|
|
# Parent f5cf5d16deb68e65b5dd4e799d9e8e3098400d62
|
|
[PATCH] 22
|
|
From 41dd171b242b0cb550d12760da110db7e2c21daf Mon Sep 17 00:00:00 2001
|
|
---
|
|
nss/lib/freebl/gcm.c | 16 ++++++++++++++++
|
|
1 file changed, 16 insertions(+)
|
|
|
|
Index: nss/lib/freebl/gcm.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/gcm.c
|
|
+++ nss/lib/freebl/gcm.c
|
|
@@ -535,8 +535,14 @@ struct GCMContextStr {
|
|
unsigned char tagKey[MAX_BLOCK_SIZE];
|
|
PRBool ctr_context_init;
|
|
gcmIVContext gcm_iv;
|
|
+ unsigned long long gcm_iv_bytes;
|
|
};
|
|
|
|
+/* NIST SP-800-38D limits the use of GCM with a single IV to 2^39 - 256
|
|
+ * bits which translates to 2^32 - 2 128bit blocks or 2^36 - 32 bytes
|
|
+ */
|
|
+#define MAX_GCM_BYTES_PER_IV ((1ULL << 36) - 32)
|
|
+
|
|
SECStatus gcm_InitCounter(GCMContext *gcm, const unsigned char *iv,
|
|
unsigned int ivLen, unsigned int tagBits,
|
|
const unsigned char *aad, unsigned int aadLen);
|
|
@@ -676,6 +682,8 @@ gcm_InitCounter(GCMContext *gcm, const u
|
|
goto loser;
|
|
}
|
|
|
|
+ gcm->gcm_iv_bytes = MAX_GCM_BYTES_PER_IV;
|
|
+
|
|
/* finally mix in the AAD data */
|
|
rv = gcmHash_Reset(ghash, aad, aadLen);
|
|
if (rv != SECSuccess) {
|
|
@@ -777,6 +785,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
|
|
return SECFailure;
|
|
}
|
|
|
|
+ /* bail out if this invocation requests processing more than what is
|
|
+ * considered to be a safe limit */
|
|
+ if (gcm->gcm_iv_bytes < (unsigned long long)inlen) {
|
|
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
|
|
if (UINT_MAX - inlen < tagBytes) {
|
|
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
|
@@ -805,6 +820,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
|
|
*outlen = 0;
|
|
return SECFailure;
|
|
};
|
|
+ gcm->gcm_iv_bytes -= inlen;
|
|
*outlen += len;
|
|
return SECSuccess;
|
|
}
|