# HG changeset patch
# Parent 9fc16a0c1b75ea6e809709f18249a96ba1a6eb56
# Parent 1e3e7cf1dee9cabe61f9fceb83e4213fbb6310bf
Require MP_CRYPTO to be set to a non-zero value during compilation which
ensures that any memory allocated for a mpi is zeroed before being freed.
Also make sure that the ALGORITHM_1 (non-MPI) variant of the GCM implementation
isn't used, since it lacks the necessary zeroizations (and, according to a
comment in gcm.c, it is also noticeably slower).
This patch has to be explicitly disabled in order to compile NSS without the
diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
@@ -32,16 +32,22 @@ static SECStatus gcmHash_Update(gcmHashC
static SECStatus gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize);
static SECStatus gcmHash_Final(gcmHashContext *gcm, unsigned char *outbuf,
unsigned int *outlen, unsigned int maxout,
unsigned int blocksize);
static SECStatus gcmHash_Reset(gcmHashContext *ghash,
const unsigned char *inbuf,
unsigned int inbufLen, unsigned int blocksize);
+/* the ALGORITHM_1 implementation lacks any data structure zeroizations and is
+ * slower (see below) - cancel compilation if it somehow got requested */
+#error "ALGORITHM_1 is not supported in this build"
/* compile time defines to select how the GF2 multiply is calculated.
* There are currently 2 algorithms implemented here: MPI and ALGORITHM_1.
* MPI uses the GF2m implemented in mpi to support GF2 ECC.
* ALGORITHM_1 is the Algorithm 1 in both NIST SP 800-38D and
* "The Galois/Counter Mode of Operation (GCM)", McGrew & Viega.
#if !defined(GCM_USE_ALGORITHM_1) && !defined(GCM_USE_MPI)
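Review bot: The `#error "ALGORITHM_1 is not supported in this build"` added in this hunk is not visibly enclosed in any preprocessor conditional, so as shown it would abort every compilation of gcm.c rather than only builds that request ALGORITHM_1. The hunk header counts six added lines but only three are shown, so a guard of the form `#ifdef GCM_USE_ALGORITHM_1` / `#endif` around the new comment and directive was probably lost in rendering; confirm it is present in the applied patch. The same check applies to the unguarded `#error` in the mpi.c hunk below, whose header also counts more added lines than appear, and which presumably needs an `#ifndef MP_CRYPTO` guard to match the description. Note that the guard sits before the `#if !defined(GCM_USE_ALGORITHM_1) && !defined(GCM_USE_MPI)` default-selection block, so a build defining neither macro still falls through to whatever default that block sets, which is outside the hunk.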
diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c
@@ -7,16 +7,20 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#error "MP_CRYPTO has to be defined to make sure data is zeroed before being freed"
#if defined(__arm__) && \
((defined(__thumb__) && !defined(__thumb2__)) || defined(__ARM_ARCH_3__))
/* 16-bit thumb or ARM v3 doesn't work inlined assember version */