Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
N
nss
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
staging
rpms
nss
Commits
5c5a62a5
Commit
5c5a62a5
authored
10 months ago
by
Rocky Automation
Browse files
Options
Downloads
Patches
Plain Diff
import nss-3.90.0-7.el9_3
parent
79fad0fd
No related branches found
Branches containing commit
Tags
imports/r9/nss-3.90.0-7.el9_3
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
.nss.checksum
+1
-1
1 addition, 1 deletion
.nss.checksum
SOURCES/nss-3.90-ecdsa-sign-padding-fix.patch
+335
-0
335 additions, 0 deletions
SOURCES/nss-3.90-ecdsa-sign-padding-fix.patch
SPECS/nss.spec
+5
-1
5 additions, 1 deletion
SPECS/nss.spec
with
341 additions
and
2 deletions
.nss.checksum
+
1
−
1
View file @
5c5a62a5
be54fdbb3acb2de3d452ae3a71f1d14ed1cab5225c1e477c27e40f46d4419cba
4c29f49a506165778f4e6d97c3a29956add5869003171d22f5051c96564344d5
This diff is collapsed.
Click to expand it.
SOURCES/nss-3.90-ecdsa-sign-padding-fix.patch
0 → 100644
+
335
−
0
View file @
5c5a62a5
--- ./gtests/pk11_gtest/pk11_ecdsa_vectors.h.ecdsa-sign-padding-fix 2024-04-04 21:20:23.166838534 +0200
+++ ./gtests/pk11_gtest/pk11_ecdsa_vectors.h 2024-04-10 09:05:12.664050773 +0200
@@ -280,4 +280,101 @@
const uint8_t kP256SpkiPointNotOnCurve[]
0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77,
0xa3, 0xc2, 0x94, 0x00, 0x33, 0x11, 0x77};
+const uint8_t kP521DataUnpaddedSigLong[] = {'W', 'T', 'F', '6', '0', 'M', 'W', 'M', 'N', '3'};
+const uint8_t kP521DataUnpaddedSigShort[] = { 'M', 'I', '6', '3', 'V', 'N', 'G', 'L', 'F', 'R',};
+const uint8_t kP521SpkiUnpaddedSig[] = {
+ 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86,
+ 0x00, 0x04, 0x01, 0xd2, 0x37, 0xeb, 0x78, 0xc7, 0x9b, 0x86, 0xff, 0x29,
+ 0x7b, 0x55, 0x4d, 0x11, 0xc7, 0x9c, 0x2d, 0xc1, 0x67, 0x9f, 0xad, 0x2a,
+ 0xa9, 0xb9, 0x51, 0x30, 0x6d, 0xde, 0x14, 0x16, 0xea, 0xb3, 0x9d, 0x18,
+ 0xfc, 0xf0, 0x38, 0x6e, 0x7f, 0xa6, 0x82, 0xb9, 0x19, 0x01, 0xaf, 0xe7,
+ 0xc3, 0xd8, 0xec, 0x9a, 0x62, 0x7b, 0xbf, 0x41, 0xc7, 0x86, 0x89, 0x52,
+ 0x76, 0x8e, 0x01, 0x97, 0x1b, 0x16, 0x97, 0x69, 0x01, 0x2d, 0x07, 0x88,
+ 0x6f, 0xe0, 0x17, 0xbe, 0x82, 0xc4, 0x12, 0xd6, 0x16, 0x72, 0xf8, 0x57,
+ 0x75, 0x5c, 0x69, 0x79, 0xd0, 0x11, 0x05, 0x96, 0x2f, 0xa4, 0x61, 0xcd,
+ 0x8f, 0x54, 0x95, 0x58, 0xbd, 0x7d, 0x71, 0x84, 0x63, 0x18, 0xb8, 0x5b,
+ 0xaa, 0x1b, 0xd2, 0xe9, 0x65, 0x63, 0x15, 0x34, 0x25, 0x35, 0x2f, 0x35,
+ 0x27, 0x3a, 0x84, 0x42, 0x7a, 0x42, 0x8e, 0xfd, 0x15, 0xbe, 0x0c, 0x0c,
+ 0xe2, 0x9f};
+const uint8_t kP521SignatureUnpaddedSigLong[] = {
+ 0x01, 0xa7, 0x3a, 0x14, 0x79, 0x77, 0x9e, 0x48, 0xb0, 0xff, 0xb5, 0xbe,
+ 0xfb, 0xfa, 0x7a, 0x84, 0x24, 0xb3, 0x5c, 0xf0, 0xfd, 0x77, 0x9d, 0xd4,
+ 0x66, 0x49, 0xfd, 0xbf, 0x04, 0xbf, 0xbb, 0x75, 0x22, 0xbb, 0x35, 0x42,
+ 0xdb, 0xe7, 0xed, 0x5a, 0x8f, 0x15, 0xf3, 0xa9, 0x0e, 0xb6, 0x5b, 0xde,
+ 0x23, 0x79, 0x47, 0xa7, 0x1d, 0x25, 0x24, 0x68, 0x63, 0xf6, 0x9c, 0x2e,
+ 0x21, 0xe0, 0x30, 0xfc, 0xd3, 0x65, 0x01, 0x12, 0x4e, 0xf0, 0xbb, 0x89,
+ 0xec, 0xec, 0x4f, 0xef, 0xbe, 0xdc, 0xd6, 0xac, 0xa4, 0x16, 0x68, 0x2b,
+ 0x78, 0xdf, 0x6c, 0x6e, 0xb8, 0xf4, 0x5b, 0x45, 0x1b, 0xdd, 0x84, 0x40,
+ 0x94, 0x07, 0xc7, 0xbc, 0xb6, 0x57, 0x92, 0xf1, 0x64, 0xb9, 0x2c, 0xcb,
+ 0x1d, 0xbe, 0x1c, 0x93, 0x78, 0x97, 0x8b, 0x84, 0x4e, 0x69, 0x6d, 0x0b,
+ 0xb0, 0x5f, 0xf1, 0x84, 0x18, 0x82, 0x8d, 0x55, 0xdf, 0x36, 0x43, 0x8a};
+const uint8_t kP521SignatureUnpaddedSigShort[] = {
+ 0x40, 0x12, 0xa7, 0x96, 0x5d, 0x77, 0xba, 0x8a, 0x90, 0x57, 0x52, 0x11,
+ 0xad, 0x72, 0x21, 0xd6, 0x6c, 0x73, 0x81, 0x43, 0x5d, 0x09, 0xe4, 0xde,
+ 0xee, 0xc2, 0xb5, 0x03, 0x1f, 0x0f, 0xd1, 0x6a, 0xfc, 0x26, 0x6d, 0x99,
+ 0x6d, 0x84, 0x32, 0x05, 0x56, 0x66, 0xe3, 0x6b, 0xf7, 0xf2, 0x04, 0xc9,
+ 0x44, 0x17, 0xaa, 0xbd, 0x24, 0xd8, 0x87, 0x4e, 0x53, 0x9d, 0x08, 0x65,
+ 0x91, 0x95, 0xeb, 0xeb, 0x92, 0x0b, 0xdb, 0x34, 0x80, 0xe8, 0x9f, 0x38,
+ 0x73, 0x00, 0x7c, 0xfc, 0x2b, 0xfa, 0xcf, 0xa6, 0x6c, 0x1c, 0xb0, 0x75,
+ 0x76, 0x01, 0x22, 0xe7, 0x3c, 0xd8, 0xc4, 0x1f, 0x5e, 0xde, 0x0b, 0x95,
+ 0x7a, 0x50, 0x2b, 0x8c, 0x87, 0xc4, 0x12, 0x8e, 0x00, 0x09, 0x29, 0x2c,
+ 0x21, 0xd1, 0x96, 0xa0, 0xf3, 0x0f, 0x54, 0xdb, 0x6a, 0xbb, 0x90, 0xf5,
+ 0x5c, 0x7a, 0x8d, 0x83, 0x9c, 0x39, 0x38, 0x58, 0x5a, 0x0e};
+const uint8_t kP384DataUnpaddedSigLong[] = {'L', 'T', 'N', '4', 'B', 'P', 'X', 'Y', '5', 'N'};
+const uint8_t kP384DataUnpaddedSigShort[] = {'3', 'U', 'S', 'N', 'N', 'U', '6', 'E', 'E', '0'};
+const uint8_t kP384SpkiUnpaddedSig[] = {
+ 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
+ 0x1e, 0x98, 0x4c, 0xcf, 0x05, 0xd4, 0x9b, 0x98, 0x11, 0xae, 0xa1, 0xaa,
+ 0x72, 0x27, 0xac, 0xde, 0x7f, 0xe8, 0x4d, 0xda, 0xaa, 0x67, 0x51, 0x2e,
+ 0x0b, 0x30, 0x31, 0xab, 0x05, 0xac, 0x95, 0xdf, 0x09, 0x96, 0xcf, 0xe3,
+ 0xf5, 0xfa, 0x30, 0xad, 0x43, 0x0b, 0xa5, 0x7e, 0xd7, 0xd1, 0xee, 0x4e,
+ 0x83, 0x53, 0xe3, 0x26, 0xeb, 0xc1, 0xc9, 0xe5, 0x35, 0x36, 0x1a, 0xbf,
+ 0xbf, 0x99, 0xd6, 0xe2, 0x14, 0x43, 0xcb, 0x54, 0xde, 0x06, 0xb5, 0x7d,
+ 0x27, 0xb7, 0xc2, 0x27, 0xaf, 0xb6, 0x12, 0x4f, 0x47, 0xa0, 0xdb, 0xb5,
+ 0x6e, 0x7b, 0x44, 0x0d, 0xc8, 0xbd, 0x13, 0x3c, 0x27, 0x7c, 0xf2, 0x3a};
+const uint8_t kP384SignatureUnpaddedSigLong[] = {
+ 0x19, 0x22, 0x21, 0x72, 0x8a, 0xa4, 0x22, 0x26, 0x75, 0x16, 0x9c, 0x58,
+ 0x93, 0xd8, 0x43, 0xac, 0x28, 0x78, 0xe7, 0xe2, 0xf2, 0x5d, 0xa6, 0x59,
+ 0x74, 0x6d, 0x55, 0x95, 0xe1, 0xa8, 0xc9, 0x18, 0x54, 0x5d, 0x03, 0xa0,
+ 0xb0, 0x90, 0xe9, 0xf1, 0xc5, 0xf6, 0x29, 0x1a, 0x50, 0x9d, 0xe3, 0xde,
+ 0x4a, 0x69, 0xdf, 0x1b, 0xe5, 0x53, 0xd7, 0xe8, 0xd4, 0xbf, 0x8c, 0xfc,
+ 0x07, 0x66, 0xbc, 0xa7, 0xb5, 0x47, 0x29, 0xbd, 0x15, 0x8c, 0x57, 0x6c,
+ 0xde, 0x37, 0x57, 0xa4, 0xd4, 0x61, 0x79, 0x92, 0x67, 0x25, 0x2e, 0xbc,
+ 0x8b, 0x88, 0x6a, 0xfa, 0xa5, 0x00, 0x19, 0x11, 0x64, 0x69, 0x7b, 0xf6};
+const uint8_t kP384SignatureUnpaddedSigShort[] = {
+ 0x69, 0xe6, 0xc2, 0xd0, 0xb0, 0x59, 0xca, 0x1f, 0x07, 0x4c, 0x90, 0x13,
+ 0x75, 0xe0, 0xc5, 0xb9, 0x38, 0xf2, 0xd8, 0x55, 0xf7, 0x08, 0xbd, 0x8e,
+ 0x61, 0xbd, 0x50, 0x7e, 0xb6, 0xb5, 0xea, 0xbc, 0xa4, 0xa0, 0x18, 0x9b,
+ 0x63, 0x6b, 0x8a, 0x91, 0x88, 0x39, 0x0a, 0xbe, 0x6a, 0xb6, 0x4b, 0xaf,
+ 0xcb, 0x31, 0x89, 0xcf, 0x43, 0x28, 0x4b, 0x04, 0x6a, 0xe0, 0x8d, 0xbc,
+ 0xbf, 0xa2, 0x45, 0xdf, 0x1c, 0x83, 0x82, 0x3e, 0x2b, 0xa3, 0xea, 0x50,
+ 0x80, 0xec, 0x31, 0x48, 0x20, 0x30, 0x75, 0x94, 0xd9, 0x08, 0x9f, 0x6f,
+ 0x53, 0x21, 0x6f, 0x72, 0x74, 0x0c, 0xc4, 0x21, 0x28, 0xc9};
+const uint8_t kP256DataUnpaddedSigLong[] = {'J', '5', 'C', 'N', 'Q', 'T', 'F', 'A', 'J', 'T'};
+const uint8_t kP256DataUnpaddedSigShort[] = {'K', 'O', 'S', '9', '4', 'F', 'V', 'C', 'Y', 'C'};
+const uint8_t kP256SpkiUnpaddedSig[] = {
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x30, 0x40, 0x9d, 0x57, 0xdd, 0xd0, 0x70, 0x1d, 0x4b,
+ 0x40, 0x84, 0xd4, 0x7a, 0xc0, 0x30, 0x68, 0x33, 0xf1, 0x1d, 0x47, 0xaa,
+ 0x37, 0x4d, 0xe2, 0xc8, 0xce, 0xdc, 0x82, 0x1d, 0xf7, 0xcf, 0xdd, 0x9e,
+ 0xb6, 0x6c, 0x85, 0x87, 0x9d, 0x31, 0x79, 0x7e, 0xe4, 0xe9, 0xc7, 0x4f,
+ 0xd6, 0x07, 0x1d, 0x2f, 0x54, 0x82, 0x5d, 0x22, 0xbf, 0xbc, 0xf0, 0x75,
+ 0x01, 0x09, 0x43, 0xc6, 0x52, 0xcb, 0x45 };
+const uint8_t kP256SignatureUnpaddedSigLong[] = {
+ 0xad, 0x6f, 0xcf, 0x41, 0xc1, 0x83, 0xe3, 0x6f, 0xe0, 0x2c, 0x9f, 0x56,
+ 0xa5, 0x17, 0x60, 0xbf, 0x80, 0x71, 0x18, 0x54, 0x1d, 0x82, 0xdb, 0xe6,
+ 0xc2, 0x4e, 0x60, 0x4a, 0xa6, 0x0c, 0xed, 0xcf, 0xe9, 0xbf, 0xda, 0x11,
+ 0xc2, 0x0a, 0x9c, 0x02, 0x5f, 0xb6, 0xa0, 0xb8, 0xbc, 0xda, 0xbf, 0x80,
+ 0xb4, 0xfb, 0x68, 0xab, 0xc8, 0xa8, 0x07, 0xeb, 0x50, 0x5c, 0x8a, 0x47,
+ 0xcf, 0x61, 0x91, 0x5f};
+const uint8_t kP256SignatureUnpaddedSigShort[] = {
+ 0x3d, 0x99, 0x94, 0xa9, 0x80, 0x12, 0x43, 0x27, 0xde, 0x78, 0x9e, 0x61,
+ 0xaf, 0x10, 0xee, 0xd2, 0x22, 0xc6, 0x6e, 0x1c, 0xdf, 0xe7, 0x75, 0x28,
+ 0x84, 0xae, 0xb8, 0xdb, 0x7b, 0xf1, 0x91, 0x86, 0x5b, 0x5a, 0x28, 0x16,
+ 0x15, 0xfe, 0xd9, 0x48, 0x33, 0x95, 0xa8, 0x8f, 0x92, 0xbb, 0xe3, 0x9c,
+ 0xca, 0x04, 0xef, 0x56, 0x48, 0x16, 0x73, 0xa6, 0xb6, 0x6a, 0x38, 0xc9,
+ 0x78, 0xc4};
} // namespace nss_test
--- ./gtests/pk11_gtest/pk11_ecdsa_unittest.cc.ecdsa-sign-padding-fix 2024-04-04 21:19:59.583677319 +0200
+++ ./gtests/pk11_gtest/pk11_ecdsa_unittest.cc 2024-04-10 17:03:24.202133898 +0200
@@ -326,4 +326,47 @@
INSTANTIATE_TEST_SUITE_P(Pkcs11EcdsaRoun
SEC_OID_SECG_EC_SECP521R1,
SEC_OID_CURVE25519));
+class Pkcs11EcdsaUnpaddedSignatureTest
+ : public Pkcs11EcdsaTestBase,
+ public ::testing::WithParamInterface<Pkcs11EcdsaTestParams> {
+ public:
+ Pkcs11EcdsaUnpaddedSignatureTest() : Pkcs11EcdsaTestBase(GetParam().hash_oid_) {}
+};
+
+static const Pkcs11EcdsaTestParams kEcdsaUnpaddedSignaturesVectors[] = {
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP256SpkiUnpaddedSig, sizeof(kP256SpkiUnpaddedSig)),
+ DataBuffer(kP256DataUnpaddedSigLong, sizeof(kP256DataUnpaddedSigLong)),
+ DataBuffer(kP256SignatureUnpaddedSigLong, sizeof(kP256SignatureUnpaddedSigLong))}},
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP256SpkiUnpaddedSig, sizeof(kP256SpkiUnpaddedSig)),
+ DataBuffer(kP256DataUnpaddedSigShort, sizeof(kP256DataUnpaddedSigShort)),
+ DataBuffer(kP256SignatureUnpaddedSigShort, sizeof(kP256SignatureUnpaddedSigShort))}},
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP384SpkiUnpaddedSig, sizeof(kP384SpkiUnpaddedSig)),
+ DataBuffer(kP384DataUnpaddedSigLong, sizeof(kP384DataUnpaddedSigLong)),
+ DataBuffer(kP384SignatureUnpaddedSigLong, sizeof(kP384SignatureUnpaddedSigLong))}},
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP384SpkiUnpaddedSig, sizeof(kP384SpkiUnpaddedSig)),
+ DataBuffer(kP384DataUnpaddedSigShort, sizeof(kP384DataUnpaddedSigShort)),
+ DataBuffer(kP384SignatureUnpaddedSigShort, sizeof(kP384SignatureUnpaddedSigShort))}},
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP521SpkiUnpaddedSig, sizeof(kP521SpkiUnpaddedSig)),
+ DataBuffer(kP521DataUnpaddedSigLong, sizeof(kP521DataUnpaddedSigLong)),
+ DataBuffer(kP521SignatureUnpaddedSigLong, sizeof(kP521SignatureUnpaddedSigLong))}},
+ {SEC_OID_SHA512,
+ {DataBuffer(NULL, 0),
+ DataBuffer(kP521SpkiUnpaddedSig, sizeof(kP521SpkiUnpaddedSig)),
+ DataBuffer(kP521DataUnpaddedSigShort, sizeof(kP521DataUnpaddedSigShort)),
+ DataBuffer(kP521SignatureUnpaddedSigShort, sizeof(kP521SignatureUnpaddedSigShort))}}
+};
+
+TEST_P(Pkcs11EcdsaUnpaddedSignatureTest, Verify) { Verify(GetParam().sig_params_); }
+INSTANTIATE_TEST_SUITE_P(EcdsaVerifyUnpaddedSignatures, Pkcs11EcdsaUnpaddedSignatureTest,
+ ::testing::ValuesIn(kEcdsaUnpaddedSignaturesVectors));
} // namespace nss_test
--- ./lib/freebl/ecl/ecp_secp256r1.c.ecdsa-sign-padding-fix 2024-04-09 14:58:28.413482715 +0200
+++ ./lib/freebl/ecl/ecp_secp256r1.c 2024-04-09 21:15:23.717222679 +0200
@@ -214,6 +214,9 @@
ec_secp256r1_verify_digest(ECPublicKey *
{
SECStatus res = SECSuccess;
+ unsigned char _padded_sig_data[64] = { 0 };
+ unsigned char *sig_r, *sig_s;
+
if (!key || !signature || !digest ||
!key->publicValue.data ||
!signature->data || !digest->data ||
@@ -223,9 +226,10 @@
ec_secp256r1_verify_digest(ECPublicKey *
return res;
}
- if (key->publicValue.len != 65 ||
- digest->len == 0 ||
- signature->len != 64) {
+ unsigned int olen = key->ecParams.order.len;
+ if (signature->len == 0 || signature->len % 2 != 0 ||
+ signature->len > 2 * olen ||
+ digest->len == 0 || key->publicValue.len != 65) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
res = SECFailure;
return res;
@@ -237,6 +241,25 @@
ec_secp256r1_verify_digest(ECPublicKey *
return res;
}
+ /* P-256 signature has to be 64 bytes long, pad it with 0s if it isn't */
+ if (signature->len != 64) {
+ unsigned split = signature->len / 2;
+ unsigned pad = 32 - split;
+
+ unsigned char *o_sig = signature->data;
+ unsigned char *p_sig = _padded_sig_data;
+
+ memcpy(p_sig + pad, o_sig, split);
+ memcpy(p_sig + 32 + pad, o_sig + split, split);
+
+ sig_r = p_sig;
+ sig_s = p_sig + 32;
+ } else {
+ sig_r = signature->data;
+ sig_s = signature->data + 32;
+ }
+
+
uint8_t hash[32] = { 0 };
if (digest->len < 32) {
memcpy(hash + 32 - digest->len, digest->data, digest->len);
@@ -247,7 +270,7 @@
ec_secp256r1_verify_digest(ECPublicKey *
bool b = Hacl_P256_ecdsa_verif_without_hash(
32, hash,
key->publicValue.data + 1,
- signature->data, signature->data + 32);
+ sig_r, sig_s);
if (!b) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
res = SECFailure;
--- ./lib/freebl/ecl/ecp_secp384r1.c.ecdsa-sign-padding-fix 2024-04-09 14:58:12.726377972 +0200
+++ ./lib/freebl/ecl/ecp_secp384r1.c 2024-04-09 14:50:47.932425779 +0200
@@ -185,6 +185,9 @@
ec_secp384r1_verify_digest(ECPublicKey *
{
SECStatus res = SECSuccess;
+ unsigned char _padded_sig_data[96] = { 0 };
+ unsigned char *sig_r, *sig_s;
+
if (!key || !signature || !digest ||
!key->publicValue.data ||
!signature->data || !digest->data ||
@@ -194,9 +197,10 @@
ec_secp384r1_verify_digest(ECPublicKey *
return res;
}
- if (key->publicValue.len != 97 ||
- digest->len == 0 ||
- signature->len != 96) {
+ unsigned int olen = key->ecParams.order.len;
+ if (signature->len == 0 || signature->len % 2 != 0 ||
+ signature->len > 2 * olen ||
+ digest->len == 0 || key->publicValue.len != 97) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
res = SECFailure;
return res;
@@ -208,6 +212,24 @@
ec_secp384r1_verify_digest(ECPublicKey *
return res;
}
+ /* P-384 signature has to be 96 bytes long, pad it with 0s if it isn't */
+ if (signature->len != 96) {
+ unsigned split = signature->len / 2;
+ unsigned pad = 48 - split;
+
+ unsigned char *o_sig = signature->data;
+ unsigned char *p_sig = _padded_sig_data;
+
+ memcpy(p_sig + pad, o_sig, split);
+ memcpy(p_sig + 48 + pad, o_sig + split, split);
+
+ sig_r = p_sig;
+ sig_s = p_sig + 48;
+ } else {
+ sig_r = signature->data;
+ sig_s = signature->data + 48;
+ }
+
uint8_t hash[48] = { 0 };
if (digest->len < 48) {
memcpy(hash + 48 - digest->len, digest->data, digest->len);
@@ -218,7 +240,7 @@
ec_secp384r1_verify_digest(ECPublicKey *
bool b = Hacl_P384_ecdsa_verif_without_hash(
48, hash,
key->publicValue.data + 1,
- signature->data, signature->data + 48);
+ sig_r, sig_s);
if (!b) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
res = SECFailure;
--- ./lib/freebl/ecl/ecp_secp521r1.c.ecdsa-sign-padding-fix 2024-04-05 22:42:26.553728340 +0200
+++ ./lib/freebl/ecl/ecp_secp521r1.c 2024-04-09 13:02:14.821865860 +0200
@@ -189,6 +189,9 @@
ec_secp521r1_verify_digest(ECPublicKey *
{
SECStatus res = SECSuccess;
+ unsigned char _padded_sig_data[132] = { 0 };
+ unsigned char *sig_r, *sig_s;
+
if (!key || !signature || !digest ||
!key->publicValue.data ||
!signature->data || !digest->data ||
@@ -198,9 +201,10 @@
ec_secp521r1_verify_digest(ECPublicKey *
return res;
}
- if (key->publicValue.len != 133 ||
- digest->len == 0 ||
- signature->len != 132) {
+ unsigned int olen = key->ecParams.order.len;
+ if (signature->len == 0 || signature->len % 2 != 0 ||
+ signature->len > 2 * olen ||
+ digest->len == 0 || key->publicValue.len != 133) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
res = SECFailure;
return res;
@@ -212,6 +216,24 @@
ec_secp521r1_verify_digest(ECPublicKey *
return res;
}
+ /* P-521 signature has to be 132 bytes long, pad it with 0s if it isn't */
+ if (signature->len != 132) {
+ unsigned split = signature->len / 2;
+ unsigned pad = 66 - split;
+
+ unsigned char *o_sig = signature->data;
+ unsigned char *p_sig = _padded_sig_data;
+
+ memcpy(p_sig + pad, o_sig, split);
+ memcpy(p_sig + 66 + pad, o_sig + split, split);
+
+ sig_r = p_sig;
+ sig_s = p_sig + 66;
+ } else {
+ sig_r = signature->data;
+ sig_s = signature->data + 66;
+ }
+
uint8_t hash[66] = { 0 };
if (digest->len < 66) {
memcpy(hash + 66 - digest->len, digest->data, digest->len);
@@ -227,7 +249,7 @@
ec_secp521r1_verify_digest(ECPublicKey *
bool b = Hacl_P521_ecdsa_verif_without_hash(
66, hash,
key->publicValue.data + 1,
- signature->data, signature->data + 66);
+ sig_r, sig_s);
if (!b) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
res = SECFailure;
This diff is collapsed.
Click to expand it.
SPECS/nss.spec
+
5
−
1
View file @
5c5a62a5
%global nss_version 3.90.0
%global nspr_version 4.35.0
%global baserelease
6
%global baserelease
7
%global nss_release %baserelease
# NOTE: To avoid NVR clashes of nspr* packages:
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
...
...
@@ -194,6 +194,7 @@ Patch91: nss_p384_scalar_validated.patch
Patch92: nss_p384_hacl.patch
Patch93: nss_p521_hacl.patch
Patch94: nss-3.90-ecc-wrap-fix.patch
Patch95: nss-3.90-ecdsa-sign-padding-fix.patch
Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch
...
...
@@ -1193,6 +1194,9 @@ update-crypto-policies &> /dev/null || :
%changelog
* Wed Apr 10 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-7
- Allow for shorter ecdsa signatures by padding them to full length
* Tue Jan 23 2024 Bob Relyea <rrelyea@redhat.com> - 3.90.0-6
- Fix ecc DER wrapping.
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment