rpms/nss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Related: RHEL-46852

Browse Source 
Fix chacha timing issue
This commit is contained in:
Robert Relyea 2024-07-25 18:22:11 -07:00
parent 3769bf7f69
commit 973a7324f3
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
nss-3.101-chacha-timing-fix.patch Normal file
View File

@ -0,0 +1,59 @@
diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
--- a/lib/freebl/chacha20poly1305.c
+++ b/lib/freebl/chacha20poly1305.c
@@ -213,27 +213,31 @@
{
#ifdef NSS_X64
#ifndef NSS_DISABLE_AVX2
if (avx2_support()) {
Hacl_Chacha20_Vec256_chacha20_encrypt_256(len, output, block, k, nonce, ctr);
+ return;
}
#endif
#ifndef NSS_DISABLE_SSE3
if (ssse3_support() && sse4_1_support() && avx_support()) {
Hacl_Chacha20_Vec128_chacha20_encrypt_128(len, output, block, k, nonce, ctr);
+ return;
}
#endif
#elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
!defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
if (ppc_crypto_support()) {
chacha20vsx(len, output, block, k, nonce, ctr);
- } else
+ return;
+ }
#endif
{
Hacl_Chacha20_chacha20_encrypt(len, output, block, k, nonce, ctr);
+ return;
}
}
#endif /* NSS_DISABLE_CHACHAPOLY */
SECStatus
@@ -449,20 +453,18 @@
(uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
(uint8_t *)input, output, outTag);
goto finish;
}
#endif
-
- else
#elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
!defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
if (ppc_crypto_support()) {
Chacha20Poly1305_vsx_aead_encrypt(
(uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
(uint8_t *)input, output, outTag);
goto finish;
- } else
+ }
#endif
{
Hacl_Chacha20Poly1305_32_aead_encrypt(
(uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
(uint8_t *)input, output, outTag);

3
nss.spec
View File

@ -192,6 +192,8 @@ Patch78: nss-3.101-fix-pkcs12-md5-decode.patch
Patch79: nss-3.101-el9-restore-old-pkcs12-default.patch Patch79: nss-3.101-el9-restore-old-pkcs12-default.patch
Patch80: nss-3.101-no-p12-smime-policy.patch Patch80: nss-3.101-no-p12-smime-policy.patch
Patch81: nss-3.101-fix-missing-size-checks.patch Patch81: nss-3.101-fix-missing-size-checks.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1905691
Patch82: nss-3.101-chacha-timing-fix.patch
Patch100: nspr-config-pc.patch Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch Patch101: nspr-gcc-atomics.patch
@ -1195,6 +1197,7 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Wed Jul 24 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3 * Wed Jul 24 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
- Fix missing and inaccurate key length checks - Fix missing and inaccurate key length checks
- Fix chacha timing issue
* Tue Jul 16 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2 * Tue Jul 16 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2
- Fix MD-5 decode issue in pkcs #12 - Fix MD-5 decode issue in pkcs #12