Bug 1828465 - Update to RNP version v0.16.3 . r=rjl

Differential Revision: https://phabricator.services.mozilla.com/D176901

--HG--
extra : rebase_source : 3035147d06e5b29483f684f948708b120a82e446

third_party/README.rnp

@@ -1,7 +1,7 @@
 Directory ./rnp contains a copy of rnp which has been obtained from:
 https://github.com/rnpgp/rnp
 
-[commit 298ad98b9ba2fb58e6eadec3c226f8184b41ab98]
+[commit 2f2bab6b4b4268439e4dc2490332b30fc481583a]
 
 If MZLA applied patches on top, the version number in file
 third_party/rnp/src/lib/version.h will contain a suffix that lists

third_party/rnp/CHANGELOG.md

@@ -1,5 +1,12 @@
 ## Changelog
 
+### 0.16.3 [2023-04-11]
+
+#### Security
+
+* Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
+* Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
+
 ### 0.16.2 [2022-09-20]
 
 #### General

third_party/rnp/docs/installation.adoc

@@ -55,7 +55,7 @@ Prerequisite: please ensure `git` is installed on the system.
 [source,console]
 ----
 # Clone the repository by version tag (or omit it to get the latest sources)
-git clone https://github.com/rnpgp/rnp.git -b v0.16.2
+git clone https://github.com/rnpgp/rnp.git -b v0.16.3
 
 # Install required packages
 sudo apt install g++-8 cmake libbz2-dev zlib1g-dev libjson-c-dev \
@@ -91,7 +91,7 @@ Prerequisite: please ensure `git` is installed on the system.
 [source,console]
 ----
 # Clone the repository by version tag (or omit it to get the latest sources)
-git clone https://github.com/rnpgp/rnp.git -b v0.16.2
+git clone https://github.com/rnpgp/rnp.git -b v0.16.3
 
 # Enable access to `testing` packages by editing /etc/apt/sources.list
 # deb http://deb.debian.org/debian testing main

third_party/rnp/src/lib/version.h

@@ -25,12 +25,12 @@
 
 #define RNP_VERSION_MAJOR 0
 #define RNP_VERSION_MINOR 16
-#define RNP_VERSION_PATCH 2
+#define RNP_VERSION_PATCH 3
 
-#define RNP_VERSION_STRING "0.16.2"
-#define RNP_VERSION_STRING_FULL "0.16.2+git20220922.298ad98b.MZLA+PR2034"
+#define RNP_VERSION_STRING "0.16.3"
+#define RNP_VERSION_STRING_FULL "0.16.3+git20230413.2f2bab6b.MZLA"
 
-#define RNP_VERSION_COMMIT_TIMESTAMP 1663838874
+#define RNP_VERSION_COMMIT_TIMESTAMP 1681345658
 
 // using a 32-bit version with 10 bits per component
 #define RNP_VERSION_COMPONENT_MASK 0x3ff

third_party/rnp/src/librepgp/stream-write.cpp

@@ -1126,7 +1126,7 @@ signed_fill_signature(pgp_dest_signed_param_t &param,
     }
 
     /* decrypt the secret key if needed */
-    rnp::KeyLocker(*signer.key);
+    rnp::KeyLocker keylock(*signer.key);
     if (signer.key->encrypted() &&
         !signer.key->unlock(*param.password_provider, PGP_OP_SIGN)) {
         RNP_LOG("wrong secret key password");

third_party/rnp/src/tests/CMakeLists.txt

@@ -222,11 +222,11 @@ if (DOWNLOAD_RUBYRNP AND NOT ENABLE_SANITIZERS AND BUILD_SHARED_LIBS AND NOT WIN
     GIT_SHALLOW yes
     SOURCE_DIR "${_sourcedir}"
     BUILD_IN_SOURCE yes
-    CONFIGURE_COMMAND ""
+    CONFIGURE_COMMAND bundle config set --local path '.'
     BUILD_COMMAND
       COMMAND bundle add ffi --version 1.15.5
       COMMAND bundle show parallel_tests || bundle add parallel_tests
-      COMMAND bundle install --path .
+      COMMAND bundle install
     INSTALL_COMMAND ""
     TEST_COMMAND ""
   )

third_party/rnp/src/tests/ffi-enc.cpp

@@ -670,6 +670,28 @@ TEST_F(rnp_tests, test_ffi_encrypt_and_sign)
     // make sure the output file was created
     assert_true(rnp_file_exists("encrypted"));
 
+    // check whether keys are locked
+    rnp_identifier_iterator_t it = NULL;
+    assert_rnp_success(rnp_identifier_iterator_create(ffi, &it, "fingerprint"));
+    const char *fprint = NULL;
+    while (!rnp_identifier_iterator_next(it, &fprint)) {
+        if (!fprint) {
+            break;
+        }
+        SCOPED_TRACE(fprint);
+        rnp_key_handle_t skey = NULL;
+        assert_rnp_success(rnp_locate_key(ffi, "fingerprint", fprint, &skey));
+        bool secret = true;
+        assert_rnp_success(rnp_key_have_secret(skey, &secret));
+        if (secret) {
+            bool locked = false;
+            assert_rnp_success(rnp_key_is_locked(skey, &locked));
+            assert_true(locked);
+        }
+        rnp_key_handle_destroy(skey);
+    }
+    rnp_identifier_iterator_destroy(it);
+
     // cleanup
     assert_rnp_success(rnp_input_destroy(input));
     input = NULL;
@@ -762,6 +784,25 @@ TEST_F(rnp_tests, test_ffi_encrypt_and_sign)
     assert_string_equal(hname, "SHA512");
     rnp_buffer_destroy(hname);
     hname = NULL;
+    // make sure keys are locked
+    assert_rnp_success(rnp_identifier_iterator_create(ffi, &it, "fingerprint"));
+    while (!rnp_identifier_iterator_next(it, &fprint)) {
+        if (!fprint) {
+            break;
+        }
+        SCOPED_TRACE(fprint);
+        rnp_key_handle_t skey = NULL;
+        assert_rnp_success(rnp_locate_key(ffi, "fingerprint", fprint, &skey));
+        bool secret = true;
+        assert_rnp_success(rnp_key_have_secret(skey, &secret));
+        if (secret) {
+            bool locked = false;
+            assert_rnp_success(rnp_key_is_locked(skey, &locked));
+            assert_true(locked);
+        }
+        rnp_key_handle_destroy(skey);
+    }
+    rnp_identifier_iterator_destroy(it);
     // cleanup
     rnp_op_verify_destroy(verify);
     rnp_input_destroy(input);

third_party/rnp/version.txt

@@ -1 +1 @@
-0.16.2
+0.16.3