Bug 1445731 - land NSS NSS_3_37_BETA2 UPGRADE_NSS_RELEASE, r=me

--HG-- extra : rebase_source : b68bb60ebd5ac7037d71c8db6acec29802220a5c
2024-10-09 19:35:51 +00:00 · 2018-04-26 15:32:24 +02:00 · 2018-04-26 15:32:24 +02:00 · 61f85fbe96
commit 61f85fbe96
parent cb14cfd1ca
7 changed files with 88 additions and 2 deletions
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@ -1 +1 @@
-3e452651e282
+NSS_3_37_BETA2
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@ -181,6 +181,10 @@ ifndef NSS_FORCE_FIPS
 DEFINES += -DNSS_NO_INIT_SUPPORT
 endif

+ifdef NSS_SEED_ONLY_DEV_URANDOM
+DEFINES += -DSEED_ONLY_DEV_URANDOM
+endif
+
 # Avoid building object leak test code for optimized library
 ifndef BUILD_OPT
 ifdef PKIX_OBJECT_LEAK_TEST
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@ -10,3 +10,4 @@
 */

 #error "Do not include this header file."
+
--- a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
@ -620,6 +620,52 @@ TEST_P(TlsConnectGenericPre13, ConnectUnsupportedPointFormat) {
  client_->CheckErrorCode(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
 }

+// Replace SignatureAndHashAlgorithm of a SKE.
+class ECCServerKEXSigAlgReplacer : public TlsHandshakeFilter {
+ public:
+  ECCServerKEXSigAlgReplacer(const std::shared_ptr<TlsAgent> &server,
+                             SSLSignatureScheme sig_scheme)
+      : TlsHandshakeFilter(server, {kTlsHandshakeServerKeyExchange}),
+        sig_scheme_(sig_scheme) {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    *output = input;
+
+    uint32_t point_len;
+    EXPECT_TRUE(output->Read(3, 1, &point_len));
+    output->Write(4 + point_len, sig_scheme_, 2);
+
+    return CHANGE;
+  }
+
+ private:
+  SSLSignatureScheme sig_scheme_;
+};
+
+TEST_P(TlsConnectTls12, ConnectUnsupportedSigAlg) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  MakeTlsFilter<ECCServerKEXSigAlgReplacer>(server_, ssl_sig_none);
+  ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+  client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+TEST_P(TlsConnectTls12, ConnectIncorrectSigAlg) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  MakeTlsFilter<ECCServerKEXSigAlgReplacer>(server_,
+                                            ssl_sig_ecdsa_secp256r1_sha256);
+  ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+  client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+}
+
 INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest,
                        ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                                           TlsConnectTestBase::kTlsV11Plus));
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@ -32,7 +32,7 @@
 * - whenever possible, if older branches require a modification to the
 *   list, these changes should be made on the main line of development (trunk),
 *   and the older branches should update to the most recent list.
- * 
+ *
 * - ODD minor version numbers are reserved to indicate a snapshot that has
 *   deviated from the main line of development, e.g. if it was necessary
 *   to modify the list on a stable branch.
--- a/security/nss/lib/freebl/unix_urandom.c
+++ b/security/nss/lib/freebl/unix_urandom.c
@ -4,10 +4,14 @@

 #include <fcntl.h>
 #include <unistd.h>
+#include <errno.h>
 #include "secerr.h"
 #include "secrng.h"
 #include "prprf.h"

+/* syscall getentropy() is limited to retrieving 256 bytes */
+#define GETENTROPY_MAX_BYTES 256
+
 void
 RNG_SystemInfoForRNG(void)
 {
@ -28,6 +32,35 @@ RNG_SystemRNG(void *dest, size_t maxLen)
    size_t fileBytes = 0;
    unsigned char *buffer = dest;

+#if defined(LINUX) && defined(__GLIBC__) && ((__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 25)))
+    int result;
+
+    while (fileBytes < maxLen) {
+        size_t getBytes = maxLen - fileBytes;
+        if (getBytes > GETENTROPY_MAX_BYTES) {
+            getBytes = GETENTROPY_MAX_BYTES;
+        }
+        result = getentropy(buffer, getBytes);
+        if (result == 0) { /* success */
+            fileBytes += getBytes;
+            buffer += getBytes;
+        } else {
+            break;
+        }
+    }
+    if (fileBytes == maxLen) { /* success */
+        return maxLen;
+    }
+    /* If we failed with an error other than ENOSYS, it means the destination
+     * buffer is not writeable. We don't need to try writing to it again. */
+    if (errno != ENOSYS) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        return 0;
+    }
+    /* ENOSYS means the kernel doesn't support getentropy()/getrandom().
+     * Reset the number of bytes to get and fall back to /dev/urandom. */
+    fileBytes = 0;
+#endif
    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) {
        PORT_SetError(SEC_ERROR_NEED_RANDOM);
--- a/security/nss/lib/ssl/ssl3ecc.c
+++ b/security/nss/lib/ssl/ssl3ecc.c
@ -548,11 +548,13 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
    if (ss->ssl3.prSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
        rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
            goto alert_loser; /* malformed or unsupported. */
        }
        rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme,
                                                 ss->sec.peerCert);
        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
            goto alert_loser;
        }
        hashAlg = ssl_SignatureSchemeToHashType(sigScheme);