main/nss: backport secfixes (CVE-2017-5461, CVE-2017-5462)

fixes #7307

3 files changed, 200 insertions, 4 deletions

diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index f4ae2a6de0..ac707e5d0b 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=nss
 pkgver=3.23
 _ver=${pkgver//./_}
-pkgrel=0
+pkgrel=1
 pkgdesc="Mozilla Network Security Services"
 url="http://www.mozilla.org/projects/security/pki/nss/"
 arch="all"
@@ -15,9 +15,16 @@ source="http://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/sr
 	nss.pc.in
 	nss-config.in
 	add_spi+cacert_ca_certs.patch
+	CVE-2017-5461.patch
+	CVE-2017-5462.patch
 	"
 depends_dev="nspr-dev"
 
+# secfixes:
+#   3.23-r1:
+#   - CVE-2017-5461
+#   - CVE-2017-5462
+
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 	cd "$_builddir"
@@ -141,12 +148,18 @@ tools() {
 md5sums="21c3fed84441b2ab4c50ac626f6517e7  nss-3.23.tar.gz
 c547b030c57fe1ed8b77c73bf52b3ded  nss.pc.in
 46bee81908f1e5b26d6a7a2e14c64d9f  nss-config.in
-981e0df9e9cb7a9426b316f68911fb17  add_spi+cacert_ca_certs.patch"
+981e0df9e9cb7a9426b316f68911fb17  add_spi+cacert_ca_certs.patch
+84cc1a457563f2bfce14adb5f7c21031  CVE-2017-5461.patch
+0be3456e1b5f48e2b2821bd8e5a7a468  CVE-2017-5462.patch"
 sha256sums="94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf  nss-3.23.tar.gz
 b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd  nss.pc.in
 e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9  nss-config.in
-592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e  add_spi+cacert_ca_certs.patch"
+592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e  add_spi+cacert_ca_certs.patch
+687d4a16be13c746cb9df6cbbd7fccf342052be429a1632ef1d4fc35ed9ce852  CVE-2017-5461.patch
+d47e2e934f71681c75df5b7ebb84823a4b9dc1e0d100e37428eed814a258c525  CVE-2017-5462.patch"
 sha512sums="f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32  nss-3.23.tar.gz
 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
-6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch"
+6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch
+a0096ef23690177209a578c537625f734f9728c60a46dc135e708ca9319799514d954e1383ceb8b2dd2b55ab38fb1dcd070e2b2dab1ab66aeacf172e7a353e2c  CVE-2017-5461.patch
+ab4a290074e9dc742774c3cab7d49b0b53189121b840643c9fd244c165e6c7edb617b9999525ee457346c36949abc45f8b9f4ca8e6f037cd77947d41d637604d  CVE-2017-5462.patch"
diff --git a/main/nss/CVE-2017-5461.patch b/main/nss/CVE-2017-5461.patch
new file mode 100644
index 0000000000..6119f778cb
--- /dev/null
+++ b/main/nss/CVE-2017-5461.patch
@@ -0,0 +1,88 @@
+
+# HG changeset patch
+# User Franziskus Kiefer <franziskuskiefer@gmail.com>
+# Date 1489748381 -3600
+# Node ID 77a5bb81dbaac5b03266a64ff981c156b61c8931
+# Parent  da15c12097edbe876620ed5da8378ee3269caea8
+Bug 1344380 - gtests for b64 bug and some fixes, r=ttaubert
+
+Differential Revision: https://nss-review.dev.mozaws.net/D256#inline-2146
+
+Origin: backport, https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
+--- nss-3.26.orig/nss/lib/util/nssb64d.c
++++ nss-3.26/nss/lib/util/nssb64d.c
+@@ -373,7 +373,7 @@ pl_base64_decode_flush (PLBase64Decoder
+ static PRUint32
+ PL_Base64MaxDecodedLength (PRUint32 size)
+ {
+-    return ((size * 3) / 4);
++    return size * 0.75;
+ }
+ 
+ 
+--- a/nss/lib/util/nssb64e.c
++++ b/nss/lib/util/nssb64e.c
+@@ -285,20 +285,29 @@ PL_Base64MaxEncodedLength (PRUint32 size
+ {
+     PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder;
+ 
++    /* This is the maximum length we support. */
++    if (size > 0x3fffffff) {
++        return 0;
++    }
++
++
+     tokens = (size + 2) / 3;
+ 
+-    if (line_length == 0)
++    if (line_length == 0) {
+ 	return tokens * 4;
++    }
+ 
+-    if (line_length < 4)	/* too small! */
++    if (line_length < 4) { /* too small! */
+ 	line_length = 4;
++    }
+ 
+     tokens_per_line = line_length / 4;
+     full_lines = tokens / tokens_per_line;
+     remainder = (tokens - (full_lines * tokens_per_line)) * 4;
+     line_break_chars = full_lines * 2;
+-    if (remainder == 0)
++    if (remainder == 0) {
+ 	line_break_chars -= 2;
++    }
+ 
+     return (full_lines * tokens_per_line * 4) + line_break_chars + remainder;
+ }
+@@ -454,13 +463,18 @@ PL_Base64EncodeBuffer (const unsigned ch
+     PRStatus status;
+ 
+     PR_ASSERT(srclen > 0);
+-    if (srclen == 0)
++    if (srclen == 0) {
+ 	return dest;
++    }
+ 
+     /*
+      * How much space could we possibly need for encoding this input?
+      */
+     need_length = PL_Base64MaxEncodedLength (srclen, line_length);
++    if (need_length == 0) {
++        PORT_SetError(SEC_ERROR_INVALID_ARGS);
++        return NULL;
++    }
+ 
+     /*
+      * Make sure we have at least that much, if output buffer provided.
+@@ -643,6 +657,10 @@ NSSBase64_EncodeItem (PLArenaPool *arena
+     }
+ 
+     max_out_len = PL_Base64MaxEncodedLength (inItem->len, 64);
++    if (max_out_len == 0) {
++        PORT_SetError(SEC_ERROR_INVALID_ARGS);
++        return NULL;
++    }
+ 
+     if (arenaOpt != NULL)
+ 	mark = PORT_ArenaMark (arenaOpt);
diff --git a/main/nss/CVE-2017-5462.patch b/main/nss/CVE-2017-5462.patch
new file mode 100644
index 0000000000..f31b02ffc3
--- /dev/null
+++ b/main/nss/CVE-2017-5462.patch
@@ -0,0 +1,95 @@
+
+# HG changeset patch
+# User Franziskus Kiefer <franziskuskiefer@gmail.com>
+# Date 1491394302 -7200
+# Node ID 7248d38b76e569d2f89b20598fcdca595c3a2e6a
+# Parent  6eb39ead39e0b3f6269fd9660a4426187f5302a8
+Bug 1345089 - add prng kat tests, r=ttaubert
+
+Origin: backport, https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
+--- a/nss/lib/freebl/blapi.h
++++ b/nss/lib/freebl/blapi.h
+@@ -1473,6 +1473,12 @@ FIPS186Change_ReduceModQForDSA(const uns
+                                const unsigned char *q,
+                                unsigned char *xj);
+ 
++/* To allow NIST KAT tests */
++extern SECStatus
++PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
++                         const PRUint8 *nonce, unsigned int nonce_len,
++                         const PRUint8 *personal_string, unsigned int ps_len);
++
+ /*
+  * The following functions are for FIPS poweron self test and FIPS algorithm
+  * testing.
+--- a/nss/lib/freebl/drbg.c
++++ b/nss/lib/freebl/drbg.c
+@@ -96,7 +96,8 @@ struct RNGContextStr {
+      * RNG_RandomUpdate. */
+     PRUint8  additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
+     PRUint32 additionalAvail;
+-    PRBool   isValid;          /* false if RNG reaches an invalid state */
++    PRBool isValid;   /* false if RNG reaches an invalid state */
++    PRBool isKatTest; /* true if running NIST PRNG KAT tests */
+ };
+ 
+ typedef struct RNGContextStr RNGContext;
+@@ -149,7 +150,7 @@ prng_Hash_df(PRUint8 *requested_bytes, u
+ 
+ 
+ /*
+- * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
++ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
+  *
+  * NOTE: bytes & len are entropy || nonce || personalization_string. In
+  * normal operation, NSS calculates them all together in a single call.
+@@ -157,9 +158,11 @@ prng_Hash_df(PRUint8 *requested_bytes, u
+ static SECStatus
+ prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
+ {
+-    if (len < PRNG_SEEDLEN) {
+-	/* if the seedlen is to small, it's probably because we failed to get
+-	 * enough random data */
++    if (!rng->isKatTest && len < PRNG_SEEDLEN) {
++        /* If the seedlen is too small, it's probably because we failed to get
++         * enough random data.
++         * This is stricter than NIST SP800-90A requires. Don't enforce it for
++         * tests. */
+ 	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ 	return SECFailure;
+     }
+@@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const
+ 
+ #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
+     PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+-    PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
++    PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
+ 
+ /*
+  * This function expands the internal state of the prng to fulfill any number
+@@ -440,6 +443,7 @@ static PRStatus rng_init(void)
+ 	}
+ 	/* the RNG is in a valid state */
+ 	globalrng->isValid = PR_TRUE;
++        globalrng->isKatTest = PR_FALSE;
+ 
+ 	/* fetch one random value so that we can populate rng->oldV for our
+ 	 * continous random number test. */
+@@ -684,6 +688,17 @@ RNG_RNGShutdown(void)
+   * entropy we may have previously collected. */
+ RNGContext testContext;
+ 
++SECStatus
++PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
++                         const PRUint8 *nonce, unsigned int nonce_len,
++                         const PRUint8 *personal_string, unsigned int ps_len)
++{
++    testContext.isKatTest = PR_TRUE;
++    return PRNGTEST_Instantiate(entropy, entropy_len,
++                                nonce, nonce_len,
++                                personal_string, ps_len);
++}
++
+ /*
+  * Test vector API. Use NIST SP 800-90 general interface so one of the
+  * other NIST SP 800-90 algorithms may be used in the future.