Update to NSS 3.12.7 and NSPR 4.8.6....

nss/mozilla/security/nss/lib/cryptohi/seckey.c

Index: nss/mozilla/security/nss/lib/cryptohi/seckey.c
===================================================================
--- nss/mozilla/security/nss/lib/cryptohi/seckey.c	(revision 55475)
+++ nss/mozilla/security/nss/lib/cryptohi/seckey.c	(working copy)
@@ -227,7 +227,17 @@
 SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *cx)
 {
     SECKEYPrivateKey *privk;
-    PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
+    PK11SlotInfo *slot;
+
+    if (!param || !param->base.data || !param->prime.data ||

[wtc, 2010/08/10 00:24:30]

This is a DH key size check.  Without the DH key size check
in ssl3_HandleServerKeyExchange in libssl, we will get here
and still reject the 256-bit DH domain parameters that the
server suggested.

In my testing with Firefox, the test here alone is enough
to cause SSL handshake to fail.  It's just that the error
code SEC_ERROR_INVALID_ARGS is less informative than
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH.

To find the check in ssl3_HandleServerKeyExchange, search
for "< 512" in ssl3con.c.

+        param->prime.len < 512/8 || param->base.len == 0 || 
+        param->base.len > param->prime.len + 1 || 
+	(param->base.len == 1 && param->base.data[0] == 0)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+
+    slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
     if (!slot) {
 	return NULL;
     }
@@ -874,14 +884,14 @@
 	clearptr = rawptr;
 	while ((rawptr < end) && (*rawptr++ & 0x80));
 	if (rawptr >= end) { return SECFailure; }
-	pubk->u.fortezza.KEApriviledge.len = rawptr - clearptr;
-	pubk->u.fortezza.KEApriviledge.data = 
-		(unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEApriviledge.len);
-	if (pubk->u.fortezza.KEApriviledge.data == NULL) {
+	pubk->u.fortezza.KEAprivilege.len = rawptr - clearptr;
+	pubk->u.fortezza.KEAprivilege.data = 
+		(unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAprivilege.len);
+	if (pubk->u.fortezza.KEAprivilege.data == NULL) {
 		return SECFailure;
 	}
-	PORT_Memcpy(pubk->u.fortezza.KEApriviledge.data,clearptr,
-				pubk->u.fortezza.KEApriviledge.len);
+	PORT_Memcpy(pubk->u.fortezza.KEAprivilege.data,clearptr,
+				pubk->u.fortezza.KEAprivilege.len);
 
 
 	/* now copy the key. The next to bytes are the key length, and the
@@ -906,10 +916,10 @@
 	     * ArenaFree call. We cannot free DSSKey and KEAKey separately */
 	    pubk->u.fortezza.DSSKey.data=
 					pubk->u.fortezza.KEAKey.data;
-	    pubk->u.fortezza.DSSpriviledge.len = 
-				pubk->u.fortezza.KEApriviledge.len;
-	    pubk->u.fortezza.DSSpriviledge.data =
-			pubk->u.fortezza.DSSpriviledge.data;
+	    pubk->u.fortezza.DSSprivilege.len = 
+				pubk->u.fortezza.KEAprivilege.len;
+	    pubk->u.fortezza.DSSprivilege.data =
+			pubk->u.fortezza.DSSprivilege.data;
 	    goto done;
 	}
 		
@@ -925,14 +935,14 @@
 	clearptr = rawptr;
 	while ((rawptr < end) && (*rawptr++ & 0x80));
 	if (rawptr >= end) { return SECFailure; }
-	pubk->u.fortezza.DSSpriviledge.len = rawptr - clearptr;
-	pubk->u.fortezza.DSSpriviledge.data = 
-		(unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSpriviledge.len);
-	if (pubk->u.fortezza.DSSpriviledge.data == NULL) {
+	pubk->u.fortezza.DSSprivilege.len = rawptr - clearptr;
+	pubk->u.fortezza.DSSprivilege.data = 
+		(unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSprivilege.len);
+	if (pubk->u.fortezza.DSSprivilege.data == NULL) {
 		return SECFailure;
 	}
-	PORT_Memcpy(pubk->u.fortezza.DSSpriviledge.data,clearptr,
-				pubk->u.fortezza.DSSpriviledge.len);
+	PORT_Memcpy(pubk->u.fortezza.DSSprivilege.data,clearptr,
+				pubk->u.fortezza.DSSprivilege.len);
 
 	/* finally copy the DSS key. The next to bytes are the key length,
 	 *  and the key follows */
@@ -965,6 +975,12 @@
       case SEC_OID_PKCS1_RSA_ENCRYPTION:
 	keyType = rsaKey;
 	break;
+      case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+	keyType = rsaPssKey;
+	break;
+      case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION:
+	keyType = rsaOaepKey;
+	break;
       case SEC_OID_ANSIX9_DSA_SIGNATURE:
 	keyType = dsaKey;
 	break;
@@ -1466,16 +1482,20 @@
 
     /* interpret modulus length as key strength... in
      * fortezza that's the public key length */
-
+    if (!pubk)
+    	goto loser;
     switch (pubk->keyType) {
     case rsaKey:
+	if (!pubk->u.rsa.modulus.data) break;
     	b0 = pubk->u.rsa.modulus.data[0];
     	return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
     case dsaKey:
+	if (!pubk->u.dsa.publicValue.data) break;
     	b0 = pubk->u.dsa.publicValue.data[0];
     	return b0 ? pubk->u.dsa.publicValue.len :
 	    pubk->u.dsa.publicValue.len - 1;
     case dhKey:
+	if (!pubk->u.dh.publicValue.data) break;
     	b0 = pubk->u.dh.publicValue.data[0];
     	return b0 ? pubk->u.dh.publicValue.len :
 	    pubk->u.dh.publicValue.len - 1;
@@ -1488,6 +1508,7 @@
     default:
 	break;
     }
+loser:
     PORT_SetError(SEC_ERROR_INVALID_KEY);
     return 0;
 }
@@ -1654,11 +1675,11 @@
           rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.clearance, 
                                 &pubk->u.fortezza.clearance);
           if (rv != SECSuccess) break;
-          rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEApriviledge, 
-                                &pubk->u.fortezza.KEApriviledge);
+          rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAprivilege, 
+                                &pubk->u.fortezza.KEAprivilege);
           if (rv != SECSuccess) break;
-          rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSpriviledge, 
-                                &pubk->u.fortezza.DSSpriviledge);
+          rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSprivilege, 
+                                &pubk->u.fortezza.DSSprivilege);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAKey, 
                                 &pubk->u.fortezza.KEAKey);