-rw-r--r--dom/media/eme/EMEUtils.cpp12
-rw-r--r--dom/media/eme/EMEUtils.h4
-rw-r--r--dom/media/eme/MediaEncryptedEvent.cpp8
-rw-r--r--dom/media/eme/MediaKeyMessageEvent.cpp7
-rw-r--r--security/nss/coreconf/coreconf.dep1
-rw-r--r--security/nss/lib/freebl/dsa.c45
-rw-r--r--security/nss/lib/nss/nss.h4
-rw-r--r--security/nss/lib/softoken/softkver.h4
-rw-r--r--security/nss/lib/util/nssutil.h4
-rw-r--r--widget/windows/nsDataObj.cpp16
10 files changed, 74 insertions, 31 deletions
diff --git a/dom/media/eme/EMEUtils.cpp b/dom/media/eme/EMEUtils.cpp
index 11eb0026e..93e7834e3 100644
--- a/dom/media/eme/EMEUtils.cpp
+++ b/dom/media/eme/EMEUtils.cpp
@@ -5,6 +5,8 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/EMEUtils.h"
+
+#include "jsfriendapi.h" // for AutoCheckCannotGC
#include "mozilla/dom/UnionTypes.h"
namespace mozilla {
@@ -23,6 +25,7 @@ ArrayData
GetArrayBufferViewOrArrayBufferData(const dom::ArrayBufferViewOrArrayBuffer& aBufferOrView)
{
MOZ_ASSERT(aBufferOrView.IsArrayBuffer() || aBufferOrView.IsArrayBufferView());
+ JS::AutoCheckCannotGC nogc;
if (aBufferOrView.IsArrayBuffer()) {
const dom::ArrayBuffer& buffer = aBufferOrView.GetAsArrayBuffer();
buffer.ComputeLengthAndData();
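Review bot: The `JS::AutoCheckCannotGC nogc;` added at the top of GetArrayBufferViewOrArrayBufferData is destroyed when the function returns, yet the ArrayData it hands back still carries a raw `mData` pointer into the JS-owned buffer. The guard therefore covers only this function's own body, and each caller has to hold its own guard for as long as it reads the result, as CopyArrayBufferViewOrArrayBufferData does in the next hunk. I would state that contract on the function, for example `// Returned pointer is into JS-owned storage: callers must hold a JS::AutoCheckCannotGC while using it.` The function body continues past the end of this hunk, so its remaining paths were not checked.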
@@ -39,6 +42,7 @@ void
CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBufferViewOrArrayBuffer& aBufferOrView,
nsTArray<uint8_t>& aOutData)
{
+ JS::AutoCheckCannotGC nogc;
ArrayData data = GetArrayBufferViewOrArrayBufferData(aBufferOrView);
aOutData.Clear();
if (!data.IsValid()) {
@@ -47,6 +51,14 @@ CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBufferViewOrArrayBuffer& aB
aOutData.AppendElements(data.mData, data.mLength);
}
+void CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBuffer& aBuffer,
+ nsTArray<uint8_t>& aOutData) {
+ JS::AutoCheckCannotGC nogc;
+ aBuffer.ComputeLengthAndData();
+ aOutData.Clear();
+ aOutData.AppendElements(aBuffer.Data(), aBuffer.Length());
+}
+
bool
IsClearkeyKeySystem(const nsAString& aKeySystem)
{
diff --git a/dom/media/eme/EMEUtils.h b/dom/media/eme/EMEUtils.h
index 4a2e5da18..3b5d88561 100644
--- a/dom/media/eme/EMEUtils.h
+++ b/dom/media/eme/EMEUtils.h
@@ -45,6 +45,10 @@ void
CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBufferViewOrArrayBuffer& aBufferOrView,
nsTArray<uint8_t>& aOutData);
+// Overload for ArrayBuffer
+void CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBuffer& aBufferOrView,
+ nsTArray<uint8_t>& aOutData);
+
struct ArrayData {
explicit ArrayData(const uint8_t* aData, size_t aLength)
: mData(aData)
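Review bot: The new declaration names its parameter `aBufferOrView` although it accepts only a `dom::ArrayBuffer`, and the definition in EMEUtils.cpp calls it `aBuffer`; the header should match, `void CopyArrayBufferViewOrArrayBufferData(const dom::ArrayBuffer& aBuffer,`. The comment `// Overload for ArrayBuffer` only restates the signature. Something like `// Copies aBuffer's bytes into aOutData (cleared first), so the caller no longer reads from JS-owned storage.` would tell a caller what the overload is for.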
diff --git a/dom/media/eme/MediaEncryptedEvent.cpp b/dom/media/eme/MediaEncryptedEvent.cpp
index 8e2595fcb..fe1c8a3bc 100644
--- a/dom/media/eme/MediaEncryptedEvent.cpp
+++ b/dom/media/eme/MediaEncryptedEvent.cpp
@@ -87,10 +87,10 @@ MediaEncryptedEvent::Constructor(const GlobalObject& aGlobal,
e->mInitDataType = aEventInitDict.mInitDataType;
if (!aEventInitDict.mInitData.IsNull()) {
const auto& a = aEventInitDict.mInitData.Value();
- a.ComputeLengthAndData();
- e->mInitData = ArrayBuffer::Create(aGlobal.Context(),
- a.Length(),
- a.Data());
+ nsTArray<uint8_t> initData;
+ CopyArrayBufferViewOrArrayBufferData(a, initData);
+ e->mInitData = ArrayBuffer::Create(aGlobal.Context(), initData.Length(),
+ initData.Elements());
if (!e->mInitData) {
aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
return nullptr;
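Review bot: Nothing at this call site says why the init data is first copied into `initData` instead of being passed to `ArrayBuffer::Create` directly, so the extra copy looks like something a later cleanup could remove. Presumably the allocation inside `ArrayBuffer::Create` can trigger a GC while `a.Data()` is still being read, which is what the removed lines risked. If that is the reason, a comment such as `// Copy first: ArrayBuffer::Create may GC and invalidate a.Data().` above the copy would record it. The same applies to the matching change in MediaKeyMessageEvent::Constructor. The constructor's body starts and ends outside this hunk.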
diff --git a/dom/media/eme/MediaKeyMessageEvent.cpp b/dom/media/eme/MediaKeyMessageEvent.cpp
index 37c509e67..289d0c16e 100644
--- a/dom/media/eme/MediaKeyMessageEvent.cpp
+++ b/dom/media/eme/MediaKeyMessageEvent.cpp
@@ -85,10 +85,11 @@ MediaKeyMessageEvent::Constructor(const GlobalObject& aGlobal,
RefPtr<MediaKeyMessageEvent> e = new MediaKeyMessageEvent(owner);
bool trusted = e->Init(owner);
e->InitEvent(aType, aEventInitDict.mBubbles, aEventInitDict.mCancelable);
- aEventInitDict.mMessage.ComputeLengthAndData();
+ nsTArray<uint8_t> initData;
+ CopyArrayBufferViewOrArrayBufferData(aEventInitDict.mMessage, initData);
e->mMessage = ArrayBuffer::Create(aGlobal.Context(),
- aEventInitDict.mMessage.Length(),
- aEventInitDict.mMessage.Data());
+ initData.Length(),
+ initData.Elements());
if (!e->mMessage) {
aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
return nullptr;
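Review bot: The local added here is called `initData` but holds the bytes of `aEventInitDict.mMessage`; the name looks carried over from MediaEncryptedEvent.cpp. `nsTArray<uint8_t> message;`, with `message.Length()` and `message.Elements()` in the `ArrayBuffer::Create` call, would describe what the buffer contains.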
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 5182f7555..590d1bfae 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@
*/
#error "Do not include this header file."
+
diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c
index aef353967..389c9de24 100644
--- a/security/nss/lib/freebl/dsa.c
+++ b/security/nss/lib/freebl/dsa.c
@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
static SECStatus
dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
- const unsigned char *kb)
+ const unsigned char *kbytes)
{
mp_int p, q, g; /* PQG parameters */
mp_int x, k; /* private key & pseudo-random integer */
mp_int r, s; /* tuple (r, s) is signature) */
mp_int t; /* holding tmp values */
mp_int ar; /* holding blinding values */
+ mp_digit fuzz; /* blinding multiplier for q */
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
unsigned int dsa_subprime_len, dsa_signature_len, offset;
@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
CHECK_MPI_OK(mp_init(&s));
CHECK_MPI_OK(mp_init(&t));
CHECK_MPI_OK(mp_init(&ar));
+
/*
** Convert stored PQG and private key into MPI integers.
*/
@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
SECITEM_TO_MPINT(key->params.subPrime, &q);
SECITEM_TO_MPINT(key->params.base, &g);
SECITEM_TO_MPINT(key->privateValue, &x);
- OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
+ OCTETS_TO_MPINT(kbytes, &k, dsa_subprime_len);
+
+ /* k blinding create a single value that has the high bit set in
+ * the mp_digit*/
+ if (RNG_GenerateGlobalRandomBytes(&fuzz, sizeof(mp_digit)) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ rv = SECFailure;
+ goto cleanup;
+ }
+ fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
/*
** FIPS 186-1, Section 5, Step 1
**
** r = (g**k mod p) mod q
*/
- CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
- CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
+ CHECK_MPI_OK(mp_mul_d(&q, fuzz, &t)); /* t = q*fuzz */
+ CHECK_MPI_OK(mp_add(&k, &t, &t)); /* t = k+q*fuzz */
+ /* length of t is now fixed, bits in k have been blinded */
+ CHECK_MPI_OK(mp_exptmod(&g, &t, &p, &r)); /* r = g**t mod p */
+ /* r is now g**(k+q*fuzz) == g**k mod p */
+ CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
+
/*
** FIPS 186-1, Section 5, Step 2
**
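Review bot: `fuzz` is filled from the RNG and used to blind the secret exponent, but none of the visible hunks clears it after use. The cleanup label lies outside this hunk, so it may already be handled; if not, it should be wiped alongside the other temporaries, e.g. `PORT_Memset(&fuzz, 0, sizeof fuzz);`. The comment `/* k blinding create a single value that has the high bit set in the mp_digit*/` is also hard to parse and gives no purpose. I would write `/* k blinding: pick a random digit with its top bit set, so the exponent k + q*fuzz no longer tracks the bit length of k */`.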
@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
/* Using mp_invmod on k directly would leak bits from k. */
CHECK_MPI_OK(mp_mul(&k, &ar, &k)); /* k = k * ar */
CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
- CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
+ /* k is now k*t*ar */
+ CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
+ /* k is now (k*t*ar)**-1 */
CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
- SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
+ /* k is now (k*ar)**-1 */
+ SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
/* To avoid leaking secret bits here the addition is blinded. */
- CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
- CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
+ CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
+ /* x is now x*ar */
+ CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
+ /* x is now x*r*ar */
CHECK_MPI_OK(mp_mulmod(&s, &ar, &q, &t)); /* t = s * ar mod q */
- CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
- CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
+ /* t is now hash(M)*ar */
+ CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
+ /* s is now (HASH(M)+x*r)*ar */
+ CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
+ /* s is now (HASH(M)+x*r)*ar*(k*ar)**-1 = (k**-1)*(HASH(M)+x*r) */
+
/*
** verify r != 0 and s != 0
** mentioned as optional in FIPS 186-1.
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index b8d9da65c..2701a1ea1 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -22,10 +22,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.48" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.48.2" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 48
-#define NSS_VPATCH 1
+#define NSS_VPATCH 2
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 7238d257f..a1c8f8c5c 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -17,10 +17,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.48" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.48.2" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 48
-#define SOFTOKEN_VPATCH 1
+#define SOFTOKEN_VPATCH 2
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 4a4dd7a53..f067465c8 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.48"
+#define NSSUTIL_VERSION "3.48.2"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 48
-#define NSSUTIL_VPATCH 1
+#define NSSUTIL_VPATCH 2
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
diff --git a/widget/windows/nsDataObj.cpp b/widget/windows/nsDataObj.cpp
index a19dcb182..80abf3521 100644
--- a/widget/windows/nsDataObj.cpp
+++ b/widget/windows/nsDataObj.cpp
@@ -1168,14 +1168,14 @@ nsDataObj :: GetFileDescriptorInternetShortcutA ( FORMATETC& aFE, STGMEDIUM& aST
}
// get a valid filename in the following order: 1) from the page title,
- // 2) localized string for an untitled page, 3) just use "Untitled.URL"
- if (!CreateFilenameFromTextA(title, ".URL",
+ // 2) localized string for an untitled page, 3) just use "Untitled.url"
+ if (!CreateFilenameFromTextA(title, ".url",
fileGroupDescA->fgd[0].cFileName, NS_MAX_FILEDESCRIPTOR)) {
nsXPIDLString untitled;
if (!GetLocalizedString(u"noPageTitle", untitled) ||
- !CreateFilenameFromTextA(untitled, ".URL",
+ !CreateFilenameFromTextA(untitled, ".url",
fileGroupDescA->fgd[0].cFileName, NS_MAX_FILEDESCRIPTOR)) {
- strcpy(fileGroupDescA->fgd[0].cFileName, "Untitled.URL");
+ strcpy(fileGroupDescA->fgd[0].cFileName, "Untitled.url");
}
}
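Review bot: The extension literal is spelled three times in this function (`".url"` twice and inside `"Untitled.url"`) and three more times in GetFileDescriptorInternetShortcutW in the next hunk, which is why this case change touches six lines. A pair of file-local constants, e.g. `static const char kShortcutExtA[] = ".url";` and a wide counterpart, would keep them in step. The commit does not say why the lower-case spelling matters; if a consumer compares the extension case-sensitively, a one-line comment at the constant should record that. Both functions start and end outside their hunks.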
@@ -1209,14 +1209,14 @@ nsDataObj :: GetFileDescriptorInternetShortcutW ( FORMATETC& aFE, STGMEDIUM& aST
}
// get a valid filename in the following order: 1) from the page title,
- // 2) localized string for an untitled page, 3) just use "Untitled.URL"
- if (!CreateFilenameFromTextW(title, L".URL",
+ // 2) localized string for an untitled page, 3) just use "Untitled.url"
+ if (!CreateFilenameFromTextW(title, L".url",
fileGroupDescW->fgd[0].cFileName, NS_MAX_FILEDESCRIPTOR)) {
nsXPIDLString untitled;
if (!GetLocalizedString(u"noPageTitle", untitled) ||
- !CreateFilenameFromTextW(untitled, L".URL",
+ !CreateFilenameFromTextW(untitled, L".url",
fileGroupDescW->fgd[0].cFileName, NS_MAX_FILEDESCRIPTOR)) {
- wcscpy(fileGroupDescW->fgd[0].cFileName, L"Untitled.URL");
+ wcscpy(fileGroupDescW->fgd[0].cFileName, L"Untitled.url");
}
}