diff options
author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-25 18:48:01 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-25 18:48:01 +0000 |
commit | eb24a89b1df2d5c5c25f50a8ba130e1ac4d27762 (patch) | |
tree | bf59ad876de7b3d95664a8afa2e87669daeba08b /net/third_party | |
parent | dd62fa80b7c48c6de0cd97ac59b6bf88a1f30f06 (diff) | |
download | chromium_src-eb24a89b1df2d5c5c25f50a8ba130e1ac4d27762.zip chromium_src-eb24a89b1df2d5c5c25f50a8ba130e1ac4d27762.tar.gz chromium_src-eb24a89b1df2d5c5c25f50a8ba130e1ac4d27762.tar.bz2 |
nss: reject DH generators and public values equal to zero or one.
BUG=124836
TEST=none
Review URL: http://codereview.chromium.org/10173004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133948 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 3 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/dhvalues.patch | 53 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 30 |
4 files changed, 84 insertions, 4 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index d7110f0..b5105a0 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -68,6 +68,9 @@ Patches: * Enable False Start only when the server supports NPN. patches/falsestartnpn.patch + * Reject DH generators and public values equal to zero or one. + patches/dhvalues.patch + Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions. diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index debd48c..55167bf 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -37,3 +37,5 @@ patch -p6 < $patches_dir/encryptedclientcerts.patch patch -p4 < $patches_dir/dtls.patch patch -p5 < $patches_dir/falsestartnpn.patch + +patch -p5 < $patches_dir/dhvalues.patch diff --git a/net/third_party/nss/patches/dhvalues.patch b/net/third_party/nss/patches/dhvalues.patch new file mode 100644 index 0000000..5d8ef28 --- /dev/null +++ b/net/third_party/nss/patches/dhvalues.patch @@ -0,0 +1,53 @@ +diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c +index b6f4313..5476fa5 100644 +--- a/net/third_party/nss/ssl/ssl3con.c ++++ b/net/third_party/nss/ssl/ssl3con.c +@@ -5505,6 +5505,30 @@ loser: + return SECFailure; + } + ++/* ssl3_BigIntGreaterThan1 returns true iff |mpint|, taken as an unsigned, ++ * big-endian integer is > 1 */ ++static PRBool ++ssl3_BigIntGreaterThan1(const SECItem* mpint) { ++ unsigned char firstNonZeroByte = 0; ++ unsigned int i; ++ ++ for (i = 0; i < mpint->len; i++) { ++ if (mpint->data[i]) { ++ firstNonZeroByte = mpint->data[i]; ++ break; ++ } ++ } ++ ++ if (firstNonZeroByte == 0) ++ return PR_FALSE; ++ if (firstNonZeroByte > 1) ++ return PR_TRUE; ++ ++ // firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte ++ // is followed by another byte. ++ return (i < mpint->len - 1); ++} ++ + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete + * ssl3 ServerKeyExchange message. + * Caller must hold Handshake and RecvBuf locks. +@@ -5636,15 +5660,13 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } +- if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || +- (dh_g.len == 1 && dh_g.data[0] == 0)) ++ if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_g)) + goto alert_loser; + rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } +- if (dh_Ys.len == 0 || dh_Ys.len > dh_p.len + 1 || +- (dh_Ys.len == 1 && dh_Ys.data[0] == 0)) ++ if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_Ys)) + goto alert_loser; + rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); + if (rv != SECSuccess) { diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index b6f4313..5476fa5 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -5505,6 +5505,30 @@ loser: return SECFailure; } +/* ssl3_BigIntGreaterThan1 returns true iff |mpint|, taken as an unsigned, + * big-endian integer is > 1 */ +static PRBool +ssl3_BigIntGreaterThan1(const SECItem* mpint) { + unsigned char firstNonZeroByte = 0; + unsigned int i; + + for (i = 0; i < mpint->len; i++) { + if (mpint->data[i]) { + firstNonZeroByte = mpint->data[i]; + break; + } + } + + if (firstNonZeroByte == 0) + return PR_FALSE; + if (firstNonZeroByte > 1) + return PR_TRUE; + + // firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte + // is followed by another byte. + return (i < mpint->len - 1); +} + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 ServerKeyExchange message. * Caller must hold Handshake and RecvBuf locks. @@ -5636,15 +5660,13 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || - (dh_g.len == 1 && dh_g.data[0] == 0)) + if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_g)) goto alert_loser; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_Ys.len == 0 || dh_Ys.len > dh_p.len + 1 || - (dh_Ys.len == 1 && dh_Ys.data[0] == 0)) + if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_Ys)) goto alert_loser; rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); if (rv != SECSuccess) { |