1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
Date: Sat, 18 Jul 2020 00:13:38 +0000
Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
PKCS11. r=jcj,kjacobs,rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D74801
--HG--
extra : moz-landing-system : lando
---
nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
nss/lib/freebl/chacha20poly1305.c | 2 +-
2 files changed, 10 insertions(+), 3 deletions(-)
CVE: CVE-2020-12403
Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
Comment: Refreshed path for whole patchset
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
index 41f9da71d6..3ea17678d9 100644
--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
sizeof(aead_params)};
- // Encrypt with bad parameters.
+ // Encrypt with bad parameters (TagLen is too long).
unsigned int encrypted_len = 0;
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
aead_params.ulTagLen = 158072;
@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
&encrypted_len, encrypted.size(), data, data_len);
EXPECT_EQ(SECFailure, rv);
EXPECT_EQ(0U, encrypted_len);
- aead_params.ulTagLen = 16;
+
+ // Encrypt with bad parameters (TagLen is too short).
+ aead_params.ulTagLen = 2;
+ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
// Encrypt.
+ aead_params.ulTagLen = 16;
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
&encrypted_len, encrypted.size(), data, data_len);
diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
index 970c6436da..5c294a9eaf 100644
--- a/nss/lib/freebl/chacha20poly1305.c
+++ b/nss/lib/freebl/chacha20poly1305.c
@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
PORT_SetError(SEC_ERROR_BAD_KEY);
return SECFailure;
}
- if (tagLen == 0 || tagLen > 16) {
+ if (tagLen != 16) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
}
|