From df8a93044c0aba2dc42fc345983d9c63a483d3a8 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 16 Dec 2021 19:37:17 +0100 Subject: [PATCH] gnu: Remove unreferenced nss/fixed. * gnu/packages/nss.scm (nss/fixed): Remove variable. * gnu/packages/patches/nss-CVE-2021-43527.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/nss.scm | 3 - gnu/packages/patches/nss-CVE-2021-43527.patch | 354 ------------------ 3 files changed, 358 deletions(-) delete mode 100644 gnu/packages/patches/nss-CVE-2021-43527.patch diff --git a/gnu/local.mk b/gnu/local.mk index 274acb9c27..6022c0fb90 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1517,7 +1517,6 @@ dist_patch_DATA = \ %D%/packages/patches/nsis-env-passthru.patch \ %D%/packages/patches/nsis-source-date-epoch.patch \ %D%/packages/patches/nss-getcwd-nonnull.patch \ - %D%/packages/patches/nss-CVE-2021-43527.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-3.56-pkgconfig.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 41b564483f..bb449352a6 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -219,6 +219,3 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))) - -(define nss/fixed - (package-with-extra-patches nss (search-patches "nss-CVE-2021-43527.patch"))) diff --git a/gnu/packages/patches/nss-CVE-2021-43527.patch b/gnu/packages/patches/nss-CVE-2021-43527.patch deleted file mode 100644 index b619438f37..0000000000 --- a/gnu/packages/patches/nss-CVE-2021-43527.patch +++ /dev/null @@ -1,354 +0,0 @@ -Fixes CVE-2021-43527. -Copied from , -but with the file names adjusted to allow easy use within GNU Guix. - -# HG changeset patch -# User Dennis Jackson -# Date 1637577642 0 -# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd -# Parent da3d22d708c9cc0a32cff339658aeb627575e371 -Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea - -Differential Revision: https://phabricator.services.mozilla.com/D129514 - ---- a/nss/lib/cryptohi/secvfy.c -+++ b/nss/lib/cryptohi/secvfy.c -@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext * - SECItem pkcs1DigestInfo; - pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; - pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; - return _SGN_VerifyPKCS1DigestInfo( - cx->hashAlg, digest, &pkcs1DigestInfo, - PR_FALSE /*XXX: unsafeAllowMissingParameters*/); - } - -+static unsigned int -+checkedSignatureLen(const SECKEYPublicKey *pubk) -+{ -+ unsigned int sigLen = SECKEY_SignatureLen(pubk); -+ if (sigLen == 0) { -+ /* Error set by SECKEY_SignatureLen */ -+ return sigLen; -+ } -+ unsigned int maxSigLen; -+ switch (pubk->keyType) { -+ case rsaKey: -+ case rsaPssKey: -+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; -+ break; -+ case dsaKey: -+ maxSigLen = DSA_MAX_SIGNATURE_LEN; -+ break; -+ case ecKey: -+ maxSigLen = 2 * MAX_ECKEY_LEN; -+ break; -+ default: -+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -+ return 0; -+ } -+ if (sigLen > maxSigLen) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ return sigLen; -+} -+ - /* - * decode the ECDSA or DSA signature from it's DER wrapping. - * The unwrapped/raw signature is placed in the buffer pointed - * to by dsig and has enough room for len bytes. - */ - static SECStatus - decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, - unsigned int len) - { - SECItem *dsasig = NULL; /* also used for ECDSA */ -- SECStatus rv = SECSuccess; - -- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && -- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { -- if (sig->len != len) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ -+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { -+ if (len > DSA_MAX_SIGNATURE_LEN) { -+ goto loser; - } -- -- PORT_Memcpy(dsig, sig->data, sig->len); -- return SECSuccess; -+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -+ if (len > MAX_ECKEY_LEN * 2) { -+ goto loser; -+ } -+ } else { -+ goto loser; - } - -- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -- if (len > MAX_ECKEY_LEN * 2) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -- } -+ /* Decode and pad to length */ -+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -+ if (dsasig == NULL) { -+ goto loser; - } -- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -- -- if ((dsasig == NULL) || (dsasig->len != len)) { -- rv = SECFailure; -- } else { -- PORT_Memcpy(dsig, dsasig->data, dsasig->len); -+ if (dsasig->len != len) { -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ goto loser; - } - -- if (dsasig != NULL) -- SECITEM_FreeItem(dsasig, PR_TRUE); -- if (rv == SECFailure) -- PORT_SetError(SEC_ERROR_BAD_DER); -- return rv; -+ PORT_Memcpy(dsig, dsasig->data, len); -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ -+ return SECSuccess; -+ -+loser: -+ PORT_SetError(SEC_ERROR_BAD_DER); -+ return SECFailure; - } - - const SEC_ASN1Template hashParameterTemplate[] = - { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) }, - { SEC_ASN1_OBJECT_ID, 0 }, - { SEC_ASN1_SKIP_REST }, - { 0 } -@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg - * - * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the - * algorithm was not found or was not a signing algorithm. - */ - SECStatus - sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, - const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) - { -- int len; -+ unsigned int len; - PLArenaPool *arena; - SECStatus rv; - SECItem oid; - SECOidTag encalg; - - PR_ASSERT(hashalg != NULL); - PR_ASSERT(encalgp != NULL); - -@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey - cx->wincx = wincx; - cx->hasSignature = (sig != NULL); - cx->encAlg = encAlg; - cx->hashAlg = hashAlg; - cx->key = SECKEY_CopyPublicKey(key); - cx->pkcs1RSADigestInfo = NULL; - rv = SECSuccess; - if (sig) { -- switch (type) { -- case rsaKey: -- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -- &cx->pkcs1RSADigestInfo, -- &cx->pkcs1RSADigestInfoLen, -- cx->key, -- sig, wincx); -- break; -- case rsaPssKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -+ rv = SECFailure; -+ if (type == rsaKey) { -+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -+ &cx->pkcs1RSADigestInfo, -+ &cx->pkcs1RSADigestInfoLen, -+ cx->key, -+ sig, wincx); -+ } else { -+ sigLen = checkedSignatureLen(key); -+ /* Check signature length is within limits */ -+ if (sigLen == 0) { -+ /* error set by checkedSignatureLen */ -+ rv = SECFailure; -+ goto loser; -+ } -+ if (sigLen > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ switch (type) { -+ case rsaPssKey: -+ if (sig->len != sigLen) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -+ rv = SECSuccess; - break; -- } -- if (sig->len != sigLen) { -- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ case ecKey: -+ case dsaKey: -+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ -+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -+ break; -+ default: -+ /* Unreachable */ - rv = SECFailure; -- break; -- } -- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -- break; -- case dsaKey: -- case ecKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -- break; -- } -- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -- break; -- default: -- rv = SECFailure; -- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -- break; -+ goto loser; -+ } -+ } -+ if (rv != SECSuccess) { -+ goto loser; - } - } - -- if (rv) -- goto loser; -- - /* check hash alg again, RSA may have changed it.*/ - if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { - /* error set by HASH_GetHashTypeByOidTag */ - goto loser; - } - /* check the policy on the hash algorithm. Do this after - * the rsa decode because some uses of this function get hash implicitly - * from the RSA signature itself. */ -@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC - if (cx->hashcx == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final)); - switch (cx->key->keyType) { - case ecKey: - case dsaKey: -- dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { - return SECFailure; - } -+ if (dsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ return SECFailure; -+ } -+ dsasig.data = cx->u.buffer; -+ - if (sig) { - rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, - dsasig.len); - if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - } -@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC - cx->params, - &mech); - PORT_DestroyCheapArena(&tmpArena); - if (rv != SECSuccess) { - return SECFailure; - } - - rsasig.data = cx->u.buffer; -- rsasig.len = SECKEY_SignatureLen(cx->key); -+ rsasig.len = checkedSignatureLen(cx->key); - if (rsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ return SECFailure; -+ } -+ if (rsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - if (sig) { - if (sig->len != rsasig.len) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - PORT_Memcpy(rsasig.data, sig->data, rsasig.len); -@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx) - static SECStatus - vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, - const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, - void *wincx) - { - SECStatus rv; - VFYContext *cx; - SECItem dsasig; /* also used for ECDSA */ -- - rv = SECFailure; - - cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); - if (cx != NULL) { - switch (key->keyType) { - case rsaKey: - rv = verifyPKCS1DigestInfo(cx, digest); -+ /* Error (if any) set by verifyPKCS1DigestInfo */ - break; -- case dsaKey: - case ecKey: -+ case dsaKey: - dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ rv = SECFailure; - break; - } -- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != -- SECSuccess) { -+ if (dsasig.len > sizeof(cx->u)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -- } else { -- rv = SECSuccess; -+ rv = SECFailure; -+ break; -+ } -+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); -+ if (rv != SECSuccess) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - } - break; - default: - break; - } - VFY_DestroyContext(cx, PR_TRUE); - } - return rv; -