Closed Bug 1518728 Opened 5 years ago Closed 5 years ago

update vendored libprio to 1.4

Categories

(Firefox :: General, defect, P3)

defect

Tracking

()

RESOLVED FIXED
Firefox 66
Tracking Status
firefox65 --- fixed
firefox66 --- fixed

People

(Reporter: rhelmer, Assigned: rhelmer)

References

Details

Attachments

(2 files)

libprio 1.3 is out, here are the changes since last import:

commit 981e09efa18b01c641226b1263226a1317274e83
Author: Henry Corrigan-Gibbs <163574+henrycg@users.noreply.github.com>
Date: Tue Jan 8 22:41:57 2019 -0800

Fix security bug in proof-checking code (#60)

* Add PRG_get_int_range() function

* Fix bug in proof-checking code.

Per Appendix D.2 of the full version of the Prio paper, the servers
should evaluate the polynomials f, g, and h at a random point r in the
set {M+1, ..., modulus-1}, where M is the number of multiplication gates
in the "Valid" circuit. The implementation previously sampled the point
r from the larger set {0, ..., modulus-1}.

* Remove extraneous printf() in test code

* Fixes per clang-format

commit 3b3d1b6d4bdd1de0d19f4234b9e2641887ab2945
Author: Robert Helmer <robert@roberthelmer.com>
Date: Tue Jan 8 22:33:56 2019 -0800

bump NSS version to fix travis-CI build (#61)

commit 1f12e2b68d0d8de9c6d928d22d02bd76df9cbeca
Author: Henry Corrigan-Gibbs <163574+henrycg@users.noreply.github.com>
Date: Wed Nov 7 14:24:04 2018 -0800

Issue 57 correctly check max input length (#58)

* Issue #57 - Expose maximum number of data fields

- Add PrioConfig_maxDataFields() to public API
- Check that the number of data fields passed in during config
  creation is not too large.

* Test for PrioConfig_maxDataFields()

* Fix formatting per clang-format.

commit 2c06b4b8d0197ced96f27db41f4edce46a30fce9
Author: Adeebur Rahman <23088430+adeeburrahman@users.noreply.github.com>
Date: Fri Oct 12 00:53:46 2018 -0400

issue #43 - add travis-ci integration for osx (#53)

* issue #43 - add travis-ci integration for osx

* opt for using clang-format on linux side only

commit 00c02f92064806ef5055cb6dff784b1a727fb198
Author: Henry Corrigan-Gibbs <henrycg-git@cs.stanford.edu>
Date: Mon Oct 8 20:30:10 2018 -0700

Ensure that output does not overflow

commit 2bfea2aaee0bc335ef62d45bc4ae655f3ae8a94d
Author: Henry Corrigan-Gibbs <163574+henrycg@users.noreply.github.com>
Date: Tue Oct 2 12:13:39 2018 -0700

Functions for import/export of private keys (#51)

* Allow DEBUG mode without sanitizers

Valgrind is incompatible with AddressSanitizer, so it is nice to turn
on DEBUG mode without the sanitizers.

* PrivateKey import/export functions

* Define PT_CHECK*() macros for better test output

When using P_CHECKC(), you get no information about where
or why the test failed. These macros also call `mu_check()`
so that you can more easily figure out what went wrong.

* Fix clang-format issues

* Configure travis to use NSS 3.39

* Update README with new version dependencies.

* Fixes per rhelmer's review

* Fix typos.
* Use (pointer,length)-style arguments for import and export functions.

commit 49236017671b891ed2d3e0ff8228cfe246ad4a46
Author: Henry Corrigan-Gibbs <163574+henrycg@users.noreply.github.com>
Date: Mon Oct 1 11:25:29 2018 -0700

Add contact details for security bugs (#50)

commit 934173a113ecfcee465aae53deb162be4907434c
Author: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri Sep 28 09:56:42 2018 +0200

memory leak in fft_interpolate_raw

This should probably be `MP_CHECKC`. Otherwise this leaks.
(Found by coverity)

commit 8cb93da723e7d0e20e20271deda5c227b759f938
Author: Henry Corrigan-Gibbs <163574+henrycg@users.noreply.github.com>
Date: Wed Sep 26 14:00:12 2018 -0700

Move `PK11_FreeSlot` below `cleanup` label (#49)

After further testing, we had to take a small change and tag 1.4, this passes tests on tryserver so I'm going to use it instead:

commit a95cfdd5eaf7104582709c54ef23395d24d7f7fd (HEAD -> master, tag: 1.4, origin/master, origin/HEAD)
Author: Robert Helmer <robert@roberthelmer.com>
Date: Wed Jan 9 21:47:00 2019 -0800

use `unsigned long long` to support 64-bit ints on 32-bit platforms (#62)
Summary: update vendored libprio to 1.3 → update vendored libprio to 1.4
Pushed by rhelmer@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cee164c51ba7
update vendored libprio to 1.4 r=glandium
https://hg.mozilla.org/integration/autoland/rev/e56cc5e7b57a
pass key length to libprio public key export function and use long long for output r=hsivonen

Comment on attachment 9035811 [details]
Bug 1518728 - pass key length to libprio public key export function and use long long for output r?hsivonen

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1518728

User impact if declined: This stack of patches fixes a small security bug in libprio. The bug would have taken quite a bit of work to exploit, but is a bug nonetheless. Full explanation upstream at https://github.com/mozilla/libprio/pull/60#issue-242862597

Is this code covered by automated tests?: Yes

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce:

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Prio is shipped with Firefox but off by default. Even though we only intend to activate it for relatively small user populations in the near future, uplifting this now will keep these users secure.

String changes made/needed:

Attachment #9035811 - Flags: approval-mozilla-beta?
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 66

Comment on attachment 9035811 [details]
Bug 1518728 - pass key length to libprio public key export function and use long long for output r?hsivonen

[Triage Comment]
Fixes a sec bug mall in libprio. Off by default but subject to some future experiments. Approved for 65.0b12.

Attachment #9035811 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Blocks: 1539715
You need to log in before you can comment on or make changes to this bug.