File mozilla-neqo-fix-fips-crash.patch of Package MozillaFirefox.20969
Fixes a crash in FIPS mode, as neqo was trying to import keys from raw key material, which is not allowed in FIPS mode.
https://github.com/mozilla/neqo/pull/1247
diff --git a/Cargo.lock b/Cargo.lock
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2268,8 +2268,8 @@ dependencies = [
"log",
"mio",
"mio-extras",
- "neqo-common",
- "neqo-crypto",
+ "neqo-common 0.4.28",
+ "neqo-crypto 0.4.28 (git+https://github.com/mozilla/neqo?tag=v0.4.28)",
"neqo-http3",
"neqo-qpack",
"neqo-transport",
@@ -2770,7 +2770,7 @@ dependencies = [
"libc",
"libloading 0.5.2",
"lucet-module-wasmsbx",
- "memoffset",
+ "memoffset 0.5.6",
"nix",
"num-derive",
"num-traits",
@@ -3231,6 +3231,18 @@ dependencies = [
[[package]]
name = "neqo-common"
version = "0.4.28"
+dependencies = [
+ "chrono",
+ "env_logger",
+ "lazy_static",
+ "log",
+ "qlog",
+ "winapi",
+]
+
+[[package]]
+name = "neqo-common"
+version = "0.4.28"
source = "git+https://github.com/mozilla/neqo?tag=v0.4.28#c3d909e40d2ee68e2937b7dac1831a27520bf460"
dependencies = [
"chrono",
@@ -3244,11 +3256,23 @@ dependencies = [
[[package]]
name = "neqo-crypto"
version = "0.4.28"
+dependencies = [
+ "bindgen",
+ "log",
+ "neqo-common 0.4.28",
+ "serde",
+ "serde_derive",
+ "toml",
+]
+
+[[package]]
+name = "neqo-crypto"
+version = "0.4.28"
source = "git+https://github.com/mozilla/neqo?tag=v0.4.28#c3d909e40d2ee68e2937b7dac1831a27520bf460"
dependencies = [
"bindgen",
"log",
- "neqo-common",
+ "neqo-common 0.4.28 (git+https://github.com/mozilla/neqo?tag=v0.4.28)",
"serde",
"serde_derive",
"toml",
@@ -3257,11 +3281,10 @@ dependencies = [
[[package]]
name = "neqo-http3"
version = "0.4.28"
-source = "git+https://github.com/mozilla/neqo?tag=v0.4.28#c3d909e40d2ee68e2937b7dac1831a27520bf460"
dependencies = [
"log",
- "neqo-common",
- "neqo-crypto",
+ "neqo-common 0.4.28",
+ "neqo-crypto 0.4.28",
"neqo-qpack",
"neqo-transport",
"qlog",
@@ -3271,12 +3294,11 @@ dependencies = [
[[package]]
name = "neqo-qpack"
version = "0.4.28"
-source = "git+https://github.com/mozilla/neqo?tag=v0.4.28#c3d909e40d2ee68e2937b7dac1831a27520bf460"
dependencies = [
"lazy_static",
"log",
- "neqo-common",
- "neqo-crypto",
+ "neqo-common 0.4.28",
+ "neqo-crypto 0.4.28",
"neqo-transport",
"qlog",
"static_assertions",
@@ -3285,13 +3307,12 @@ dependencies = [
[[package]]
name = "neqo-transport"
version = "0.4.28"
-source = "git+https://github.com/mozilla/neqo?tag=v0.4.28#c3d909e40d2ee68e2937b7dac1831a27520bf460"
dependencies = [
"indexmap",
"lazy_static",
"log",
- "neqo-common",
- "neqo-crypto",
+ "neqo-common 0.4.28",
+ "neqo-crypto 0.4.28",
"qlog",
"smallvec",
]
@@ -3301,8 +3322,8 @@ name = "neqo_glue"
version = "0.1.0"
dependencies = [
"log",
- "neqo-common",
- "neqo-crypto",
+ "neqo-common 0.4.28",
+ "neqo-crypto 0.4.28",
"neqo-http3",
"neqo-qpack",
"neqo-transport",
diff --git a/netwerk/protocol/http/Http3Session.cpp b/netwerk/protocol/http/Http3Session.cpp
--- a/netwerk/protocol/http/Http3Session.cpp
+++ b/netwerk/protocol/http/Http3Session.cpp
@@ -119,6 +119,10 @@ nsresult Http3Session::Init(const nsHttp
nsINetAddr* selfAddr, nsINetAddr* peerAddr,
HttpConnectionUDP* udpConn, uint32_t controlFlags,
nsIInterfaceRequestor* callbacks) {
+ // HTTP3/QUIC is not available in FIPS
+// if (PK11_IsFIPS()) {
+// return NS_ERROR_NOT_AVAILABLE;
+// }
LOG3(("Http3Session::Init %p", this));
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
diff --git a/netwerk/socket/neqo_glue/Cargo.toml b/netwerk/socket/neqo_glue/Cargo.toml
--- a/netwerk/socket/neqo_glue/Cargo.toml
+++ b/netwerk/socket/neqo_glue/Cargo.toml
@@ -8,10 +8,10 @@ edition = "2018"
name = "neqo_glue"
[dependencies]
-neqo-http3 = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-transport = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-common = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-qpack = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
+neqo-common = { path = "../../../third_party/rust/neqo-common" }
+neqo-http3 = { path = "../../../third_party/rust/neqo-http3" }
+neqo-qpack = { path = "../../../third_party/rust/neqo-qpack" }
+neqo-transport = { path = "../../../third_party/rust/neqo-transport/" }
nserror = { path = "../../../xpcom/rust/nserror" }
nsstring = { path = "../../../xpcom/rust/nsstring" }
xpcom = { path = "../../../xpcom/rust/xpcom" }
@@ -20,7 +20,6 @@ log = "0.4.0"
qlog = "0.4.0"
[dependencies.neqo-crypto]
-tag = "v0.4.28"
-git = "https://github.com/mozilla/neqo"
+path = "../../../third_party/rust/neqo-crypto"
default-features = false
features = ["gecko"]
diff --git a/netwerk/test/http3server/Cargo.toml b/netwerk/test/http3server/Cargo.toml
--- a/netwerk/test/http3server/Cargo.toml
+++ b/netwerk/test/http3server/Cargo.toml
@@ -5,10 +5,10 @@ authors = ["Dragana Damjanovic <dragana.
edition = "2018"
[dependencies]
-neqo-transport = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-common = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-http3 = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
-neqo-qpack = { tag = "v0.4.28", git = "https://github.com/mozilla/neqo" }
+neqo-transport = { path = "../../../third_party/rust/neqo-transport" }
+neqo-common = { path = "../../../third_party/rust/neqo-common" }
+neqo-http3 = { path = "../../../third_party/rust/neqo-http3" }
+neqo-qpack = { path = "../../../third_party/rust/neqo-qpack" }
mio = "0.6.17"
mio-extras = "2.0.5"
log = "0.4.0"
diff --git a/third_party/rust/neqo-crypto/bindings/bindings.toml b/third_party/rust/neqo-crypto/bindings/bindings.toml
--- a/third_party/rust/neqo-crypto/bindings/bindings.toml
+++ b/third_party/rust/neqo-crypto/bindings/bindings.toml
@@ -163,7 +163,7 @@ functions = [
"PK11_GetKeyData",
"PK11_GetMechanism",
"PK11_HPKE_Serialize",
- "PK11_ImportSymKey",
+ "PK11_ImportDataKey",
"PK11_ReadRawAttribute",
"PK11_ReferenceSymKey",
"SECITEM_FreeItem",
@@ -196,11 +196,10 @@ variables = [
"CKM_AES_ECB",
"CKM_AES_GCM",
"CKM_EC_KEY_PAIR_GEN",
+ "CKM_HKDF_DERIVE",
"CKM_INVALID_MECHANISM",
"CKM_NSS_CHACHA20_CTR",
"CKM_NSS_CHACHA20_POLY1305",
- "CKM_NSS_HKDF_SHA256",
- "CKM_NSS_HKDF_SHA384",
"PK11_ATTR_INSENSITIVE",
"PK11_ATTR_PRIVATE",
"PK11_ATTR_PUBLIC",
diff --git a/third_party/rust/neqo-crypto/src/hkdf.rs b/third_party/rust/neqo-crypto/src/hkdf.rs
--- a/third_party/rust/neqo-crypto/src/hkdf.rs
+++ b/third_party/rust/neqo-crypto/src/hkdf.rs
@@ -10,8 +10,8 @@ use crate::constants::{
};
use crate::err::{Error, Res};
use crate::p11::{
- random, Item, PK11Origin, PK11SymKey, PK11_ImportSymKey, Slot, SymKey, CKA_DERIVE,
- CKM_NSS_HKDF_SHA256, CKM_NSS_HKDF_SHA384, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE,
+ random, Item, PK11Origin, PK11SymKey, PK11_ImportDataKey, Slot, SymKey, CKA_DERIVE,
+ CKM_HKDF_DERIVE, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE,
};
use std::convert::TryFrom;
@@ -52,27 +52,22 @@ fn key_size(version: Version, cipher: Ci
/// # Errors
/// Only if NSS fails.
pub fn generate_key(version: Version, cipher: Cipher) -> Res<SymKey> {
- import_key(version, cipher, &random(key_size(version, cipher)?))
+ import_key(version, &random(key_size(version, cipher)?))
}
/// Import a symmetric key for use with HKDF.
///
/// # Errors
/// Errors returned if the key buffer is an incompatible size or the NSS functions fail.
-pub fn import_key(version: Version, cipher: Cipher, buf: &[u8]) -> Res<SymKey> {
+pub fn import_key(version: Version, buf: &[u8]) -> Res<SymKey> {
if version != TLS_VERSION_1_3 {
return Err(Error::UnsupportedVersion);
}
- let mech = match cipher {
- TLS_AES_128_GCM_SHA256 | TLS_CHACHA20_POLY1305_SHA256 => CKM_NSS_HKDF_SHA256,
- TLS_AES_256_GCM_SHA384 => CKM_NSS_HKDF_SHA384,
- _ => return Err(Error::UnsupportedCipher),
- };
let slot = Slot::internal()?;
let key_ptr = unsafe {
- PK11_ImportSymKey(
+ PK11_ImportDataKey(
*slot,
- CK_MECHANISM_TYPE::from(mech),
+ CK_MECHANISM_TYPE::from(CKM_HKDF_DERIVE),
PK11Origin::PK11_OriginUnwrap,
CK_ATTRIBUTE_TYPE::from(CKA_DERIVE),
&mut Item::wrap(buf),
diff --git a/third_party/rust/neqo-crypto/src/selfencrypt.rs b/third_party/rust/neqo-crypto/src/selfencrypt.rs
--- a/third_party/rust/neqo-crypto/src/selfencrypt.rs
+++ b/third_party/rust/neqo-crypto/src/selfencrypt.rs
@@ -41,7 +41,7 @@ impl SelfEncrypt {
fn make_aead(&self, k: &SymKey, salt: &[u8]) -> Res<Aead> {
debug_assert_eq!(salt.len(), Self::SALT_LENGTH);
- let salt = hkdf::import_key(self.version, self.cipher, salt)?;
+ let salt = hkdf::import_key(self.version, salt)?;
let secret = hkdf::extract(self.version, self.cipher, Some(&salt), k)?;
Aead::new(self.version, self.cipher, &secret, "neqo self")
}
diff --git a/third_party/rust/neqo-crypto/tests/aead.rs b/third_party/rust/neqo-crypto/tests/aead.rs
--- a/third_party/rust/neqo-crypto/tests/aead.rs
+++ b/third_party/rust/neqo-crypto/tests/aead.rs
@@ -26,7 +26,6 @@ fn make_aead(cipher: Cipher) -> Aead {
let secret = hkdf::import_key(
TLS_VERSION_1_3,
- cipher,
&[
0x47, 0xb2, 0xea, 0xea, 0x6c, 0x26, 0x6e, 0x32, 0xc0, 0x69, 0x7a, 0x9e, 0x2a, 0x89,
0x8b, 0xdf, 0x5c, 0x4f, 0xb3, 0xe5, 0xac, 0x34, 0xf0, 0xe5, 0x49, 0xbf, 0x2c, 0x58,
diff --git a/third_party/rust/neqo-crypto/tests/hkdf.rs b/third_party/rust/neqo-crypto/tests/hkdf.rs
--- a/third_party/rust/neqo-crypto/tests/hkdf.rs
+++ b/third_party/rust/neqo-crypto/tests/hkdf.rs
@@ -38,8 +38,8 @@ fn cipher_hash_len(cipher: Cipher) -> us
fn import_keys(cipher: Cipher) -> (SymKey, SymKey) {
let l = cipher_hash_len(cipher);
(
- hkdf::import_key(TLS_VERSION_1_3, cipher, &SALT[0..l]).expect("import salt"),
- hkdf::import_key(TLS_VERSION_1_3, cipher, &IKM[0..l]).expect("import IKM"),
+ hkdf::import_key(TLS_VERSION_1_3, &SALT[0..l]).expect("import salt"),
+ hkdf::import_key(TLS_VERSION_1_3, &IKM[0..l]).expect("import IKM"),
)
}
diff --git a/third_party/rust/neqo-crypto/tests/hp.rs b/third_party/rust/neqo-crypto/tests/hp.rs
--- a/third_party/rust/neqo-crypto/tests/hp.rs
+++ b/third_party/rust/neqo-crypto/tests/hp.rs
@@ -9,7 +9,7 @@ use neqo_crypto::hp::HpKey;
use test_fixture::fixture_init;
fn make_hp(cipher: Cipher) -> HpKey {
- let ikm = hkdf::import_key(TLS_VERSION_1_3, cipher, &[0; 16]).expect("import IKM");
+ let ikm = hkdf::import_key(TLS_VERSION_1_3, &[0; 16]).expect("import IKM");
let prk = hkdf::extract(TLS_VERSION_1_3, cipher, None, &ikm).expect("extract works");
HpKey::extract(TLS_VERSION_1_3, cipher, &prk, "hp").expect("extract label works")
}
diff --git a/third_party/rust/neqo-transport/src/crypto.rs b/third_party/rust/neqo-transport/src/crypto.rs
--- a/third_party/rust/neqo-transport/src/crypto.rs
+++ b/third_party/rust/neqo-transport/src/crypto.rs
@@ -433,11 +433,11 @@ impl CryptoDxState {
TLS_VERSION_1_3,
cipher,
Some(
- hkdf::import_key(TLS_VERSION_1_3, cipher, salt)
+ hkdf::import_key(TLS_VERSION_1_3, salt)
.as_ref()
.unwrap(),
),
- hkdf::import_key(TLS_VERSION_1_3, cipher, dcid)
+ hkdf::import_key(TLS_VERSION_1_3, dcid)
.as_ref()
.unwrap(),
)
@@ -1094,8 +1094,7 @@ impl CryptoStates {
let app_read = |epoch| CryptoDxAppData {
dx: read(epoch),
cipher: TLS_AES_128_GCM_SHA256,
- next_secret: hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &[0xaa; 32])
- .unwrap(),
+ next_secret: hkdf::import_key(TLS_VERSION_1_3, &[0xaa; 32]).unwrap(),
};
Self {
initial: Some(CryptoState {
@@ -1120,8 +1119,7 @@ impl CryptoStates {
0x00, 0xa1, 0x54, 0x43, 0xf1, 0x82, 0x03, 0xa0, 0x7d, 0x60, 0x60, 0xf6, 0x88, 0xf3,
0x0f, 0x21, 0x63, 0x2b,
];
- let secret =
- hkdf::import_key(TLS_VERSION_1_3, TLS_CHACHA20_POLY1305_SHA256, SECRET).unwrap();
+ let secret = hkdf::import_key(TLS_VERSION_1_3, SECRET).unwrap();
let app_read = |epoch| CryptoDxAppData {
dx: CryptoDxState {
direction: CryptoDxDirection::Read,
diff --git a/third_party/rust/neqo-transport/src/packet/retry.rs b/third_party/rust/neqo-transport/src/packet/retry.rs
--- a/third_party/rust/neqo-transport/src/packet/retry.rs
+++ b/third_party/rust/neqo-transport/src/packet/retry.rs
@@ -28,7 +28,7 @@ fn make_aead(secret: &[u8]) -> Aead {
#[cfg(debug_assertions)]
::neqo_crypto::assert_initialized();
- let secret = hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, secret).unwrap();
+ let secret = hkdf::import_key(TLS_VERSION_1_3, secret).unwrap();
Aead::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &secret, "quic ").unwrap()
}
thread_local!(static RETRY_AEAD_29: RefCell<Aead> = RefCell::new(make_aead(RETRY_SECRET_29)));
diff --git a/third_party/rust/neqo-transport/tests/common/mod.rs b/third_party/rust/neqo-transport/tests/common/mod.rs
--- a/third_party/rust/neqo-transport/tests/common/mod.rs
+++ b/third_party/rust/neqo-transport/tests/common/mod.rs
@@ -121,13 +121,11 @@ pub fn client_initial_aead_and_hp(dcid:
TLS_VERSION_1_3,
TLS_AES_128_GCM_SHA256,
Some(
- hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, INITIAL_SALT)
+ hkdf::import_key(TLS_VERSION_1_3, INITIAL_SALT)
.as_ref()
.unwrap(),
),
- hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, dcid)
- .as_ref()
- .unwrap(),
+ hkdf::import_key(TLS_VERSION_1_3, dcid).as_ref().unwrap(),
)
.unwrap();
