Merge branch 'master' into certexception-work

author: wolfbeast <mcwerewolf@wolfbeast.com> 2019-11-04 13:31:30 +0100
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2019-11-04 13:31:30 +0100
commit: c5c44d12073791bb1150445ce48bc57fccbb544d (patch)
tree: 9d7704d17cb06f886b0943d1508c9ff08f4b9570 /security/nss/lib/freebl/intel-gcm-wrap.c
parent: a63272b5303b7aef467e974c630f745146fb983a (diff)
parent: bbc2206a0fda053a6f5071b457bd209dab9ed268 (diff)
download: UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.gz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.lz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.xz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c
index 37a1af765..f69bc7c7a 100644
--- a/security/nss/lib/freebl/intel-gcm-wrap.c
+++ b/security/nss/lib/freebl/intel-gcm-wrap.c
@@ -62,6 +62,12 @@ intel_AES_GCM_CreateContext(void *context,
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
+    // Limit AADLen in accordance with SP800-38D
+    if (sizeof(AAD_whole_len) >= 8 && AAD_whole_len > (1ULL << 61) - 1) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return NULL;
+    }
+
     gcm = PORT_ZNew(intel_AES_GCMContext);
     if (gcm == NULL) {
         return NULL;
@@ -159,6 +165,14 @@ intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
     unsigned char T[AES_BLOCK_SIZE];
     unsigned int j;
 
+    // GCM has a 16 octet block, with a 32-bit block counter
+    // Limit in accordance with SP800-38D
+    if (sizeof(inlen) > 4 &&
+        inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
     tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
     if (UINT_MAX - inlen < tagBytes) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
@@ -216,6 +230,14 @@ intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
     inlen -= tagBytes;
     intag = inbuf + inlen;
 
+    // GCM has a 16 octet block, with a 32-bit block counter
+    // Limit in accordance with SP800-38D
+    if (sizeof(inlen) > 4 &&
+        inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
     if (maxout < inlen) {
         *outlen = inlen;
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
author	wolfbeast <mcwerewolf@wolfbeast.com>	2019-11-04 13:31:30 +0100
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2019-11-04 13:31:30 +0100
commit	c5c44d12073791bb1150445ce48bc57fccbb544d (patch)
tree	9d7704d17cb06f886b0943d1508c9ff08f4b9570 /security/nss/lib/freebl/intel-gcm-wrap.c
parent	a63272b5303b7aef467e974c630f745146fb983a (diff)
parent	bbc2206a0fda053a6f5071b457bd209dab9ed268 (diff)
download	UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.gz UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.lz UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.xz UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.zip