99b17fbdca
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=471
63 lines
2.1 KiB
Diff
63 lines
2.1 KiB
Diff
# HG changeset patch
|
|
# User Hans Petter Jansson <hpj@cl.no>
|
|
# Date 1574234739 -3600
|
|
# Wed Nov 20 08:25:39 2019 +0100
|
|
# Node ID 5396ffb26887cc0cd42b9f12cc6c8e3dfdaf194b
|
|
# Parent f5cf5d16deb68e65b5dd4e799d9e8e3098400d62
|
|
[PATCH] 22
|
|
From 41dd171b242b0cb550d12760da110db7e2c21daf Mon Sep 17 00:00:00 2001
|
|
---
|
|
nss/lib/freebl/gcm.c | 16 ++++++++++++++++
|
|
1 file changed, 16 insertions(+)
|
|
|
|
Index: nss/lib/freebl/gcm.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/gcm.c
|
|
+++ nss/lib/freebl/gcm.c
|
|
@@ -539,8 +539,14 @@ struct GCMContextStr {
|
|
unsigned char tagKey[MAX_BLOCK_SIZE];
|
|
PRBool ctr_context_init;
|
|
gcmIVContext gcm_iv;
|
|
+ unsigned long long gcm_iv_bytes;
|
|
};
|
|
|
|
+/* NIST SP-800-38D limits the use of GCM with a single IV to 2^39 - 256
|
|
+ * bits which translates to 2^32 - 2 128bit blocks or 2^36 - 32 bytes
|
|
+ */
|
|
+#define MAX_GCM_BYTES_PER_IV ((1ULL << 36) - 32)
|
|
+
|
|
SECStatus gcm_InitCounter(GCMContext *gcm, const unsigned char *iv,
|
|
unsigned int ivLen, unsigned int tagBits,
|
|
const unsigned char *aad, unsigned int aadLen);
|
|
@@ -794,6 +800,8 @@ gcm_InitCounter(GCMContext *gcm, const u
|
|
goto loser;
|
|
}
|
|
|
|
+ gcm->gcm_iv_bytes = MAX_GCM_BYTES_PER_IV;
|
|
+
|
|
/* finally mix in the AAD data */
|
|
rv = gcmHash_Reset(ghash, aad, aadLen);
|
|
if (rv != SECSuccess) {
|
|
@@ -895,6 +903,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
|
|
return SECFailure;
|
|
}
|
|
|
|
+ /* bail out if this invocation requests processing more than what is
|
|
+ * considered to be a safe limit */
|
|
+ if (gcm->gcm_iv_bytes < (unsigned long long)inlen) {
|
|
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
|
|
if (UINT_MAX - inlen < tagBytes) {
|
|
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
|
@@ -923,6 +938,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
|
|
*outlen = 0;
|
|
return SECFailure;
|
|
};
|
|
+ gcm->gcm_iv_bytes -= inlen;
|
|
*outlen += len;
|
|
return SECSuccess;
|
|
}
|