Bug 1581998 - land NSS NSS_3_46_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs a=lizzard
authorJ.C. Jones <jjones@mozilla.com>
Thu, 03 Oct 2019 02:07:47 +0200
changeset 552229 2d4b8973e8de95bb89e1138e154452bc5aa012ff
parent 552228 fd7e01f7e11f63c0f19afd62a1d5d48c4f492079
child 552230 06ddf8fc87f7d6edae3eed1101cb82c1f8f47409
push id12101
push userarchaeopteryx@coole-files.de
push dateFri, 04 Oct 2019 08:19:27 +0000
reviewerskjacobs, lizzard
bugs1581998, 1577953, 1582343
milestone70.0
Bug 1581998 - land NSS NSS_3_46_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs a=lizzard 2019-10-02 J.C. Jones <jjones@mozilla.com> * lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.46.1 final [42682c941fd6] [NSS_3_46_1_RTM] <NSS_3_46_BRANCH> 2019-10-01 Kevin Jacobs <kjacobs@mozilla.com> * lib/softoken/pkcs11c.c: Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary. [f8dc0ce54c16] <NSS_3_46_BRANCH> 2019-09-26 Deian Stefan <deian@cs.ucsd.edu> * lib/softoken/pkcs11c.c, lib/softoken/tlsprf.c: Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj [e2945c434286] <NSS_3_46_BRANCH> 2019-08-30 J.C. Jones <jjones@mozilla.com> * .hgtags: Added tag NSS_3_46_RTM for changeset decbf7bd40fd [a75ea4cdacd9] <NSS_3_46_BRANCH> * lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.46 final [decbf7bd40fd] [NSS_3_46_RTM] Differential Revision: https://phabricator.services.mozilla.com/D47998
old-configure.in
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/lib/nss/nss.h
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/tlsprf.c
security/nss/lib/util/nssutil.h
--- a/old-configure.in
+++ b/old-configure.in
@@ -1525,17 +1525,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.46, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.46.1, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss"
 if test -z "$MOZ_SYSTEM_NSS"; then
    case "${OS_ARCH}" in
         # Only few platforms have been tested with GYP
         WINNT|Darwin|Linux|DragonFly|FreeBSD|NetBSD|OpenBSD|SunOS)
             ;;
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_46_RTM
+NSS_3_46_1_RTM
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -17,20 +17,20 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.46" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.46.1" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 46
-#define NSS_VPATCH 0
+#define NSS_VPATCH 1
 #define NSS_VBUILD 0
 #define NSS_BETA PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1925,17 +1925,17 @@ sftk_SignCopy(
     return SECSuccess;
 }
 
 /* Verify is just a compare for HMAC */
 static SECStatus
 sftk_HMACCmp(CK_ULONG *copyLen, unsigned char *sig, unsigned int sigLen,
              unsigned char *hash, unsigned int hashLen)
 {
-    return (PORT_Memcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
  * common HMAC initalization routine
  */
 static CK_RV
 sftk_doHMACInit(SFTKSessionContext *context, HASH_HashType hash,
                 SFTKObject *key, CK_ULONG mac_size)
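Review bot: `sigLen` and `hashLen` are accepted by sftk_HMACCmp but never used, so the compare reads `*copyLen` bytes from both buffers whatever length the caller actually supplied. Unless every caller already rejects a signature whose length differs from the MAC size (not visible in this hunk), a guard such as `if (sigLen != *copyLen || hashLen < *copyLen) return SECFailure;` ahead of the compare would keep the read in bounds; the lengths are public, so an early return does not undo the constant-time property. The failure path also sets no error code, which matters where the caller maps `PORT_GetError()`, as NSC_VerifyFinal does for its `verify` callback in the third hunk of this file.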
@@ -2041,17 +2041,17 @@ sftk_SSLMACVerify(SFTKSSLMACInfo *info, 
     unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
     unsigned int out;
 
     info->begin(info->hashContext);
     info->update(info->hashContext, info->key, info->keySize);
     info->update(info->hashContext, ssl_pad_2, info->padSize);
     info->update(info->hashContext, hash, hashLen);
     info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH);
-    return (PORT_Memcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
  * common HMAC initalization routine
  */
 static CK_RV
 sftk_doSSLMACInit(SFTKSessionContext *context, SECOidTag oid,
                   SFTKObject *key, CK_ULONG mac_size)
@@ -3553,17 +3553,17 @@ NSC_VerifyFinal(CK_SESSION_HANDLE hSessi
         (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
         if (SECSuccess != (context->verify)(context->cipherInfo, pSignature,
                                             ulSignatureLen, tmpbuf, digestLen))
             crv = sftk_MapCryptError(PORT_GetError());
     } else if (ulSignatureLen != context->macSize) {
         /* must be block cipher MACing */
         crv = CKR_SIGNATURE_LEN_RANGE;
     } else if (CKR_OK == (crv = sftk_MACFinal(context))) {
-        if (PORT_Memcmp(pSignature, context->macBuf, ulSignatureLen))
+        if (NSS_SecureMemcmp(pSignature, context->macBuf, ulSignatureLen))
             crv = CKR_SIGNATURE_INVALID;
     }
 
     sftk_TerminateOp(session, SFTK_VERIFY, context);
     sftk_FreeSession(session);
     return crv;
 }
 
@@ -7858,33 +7858,35 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
         hkdf : {
             const CK_NSS_HKDFParams *params =
                 (const CK_NSS_HKDFParams *)pMechanism->pParameter;
             const SECHashObject *rawHash;
             unsigned hashLen;
             CK_BYTE hashbuf[HASH_LENGTH_MAX];
             CK_BYTE *prk; /* psuedo-random key */
             CK_ULONG prkLen;
-            CK_BYTE *okm; /* output keying material */
+            CK_BYTE *okm;                 /* output keying material */
+            unsigned allocated_space = 0; /* If we need more work space, track it */
+            unsigned char *key_buf = &key_block[0];
 
             rawHash = HASH_GetRawHashObject(hashType);
             if (rawHash == NULL || rawHash->length > sizeof(hashbuf)) {
                 crv = CKR_FUNCTION_FAILED;
                 break;
             }
             hashLen = rawHash->length;
 
             if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) ||
                 !params || (!params->bExpand && !params->bExtract) ||
                 (params->bExtract && params->ulSaltLen > 0 && !params->pSalt) ||
                 (params->bExpand && params->ulInfoLen > 0 && !params->pInfo)) {
                 crv = CKR_MECHANISM_PARAM_INVALID;
                 break;
             }
-            if (keySize == 0 || keySize > sizeof key_block ||
+            if (keySize == 0 ||
                 (!params->bExpand && keySize > hashLen) ||
                 (params->bExpand && keySize > 255 * hashLen)) {
                 crv = CKR_TEMPLATE_INCONSISTENT;
                 break;
             }
             crv = sftk_DeriveSensitiveCheck(sourceKey, key);
             if (crv != CKR_OK)
                 break;
@@ -7924,44 +7926,59 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
 
             /* HKDF-Expand */
             if (!params->bExpand) {
                 okm = prk;
             } else {
                 /* T(1) = HMAC-Hash(prk, "" | info | 0x01)
                  * T(n) = HMAC-Hash(prk, T(n-1) | info | n
                  * key material = T(1) | ... | T(n)
+                 *
+                 * If the requested output length does not fit
+                 * within |key_block|, allocate space for expansion.
                  */
                 HMACContext *hmac;
                 CK_BYTE bi;
-                unsigned iterations = PR_ROUNDUP(keySize, hashLen) / hashLen;
+                unsigned n_bytes = PR_ROUNDUP(keySize, hashLen);
+                unsigned iterations = n_bytes / hashLen;
                 hmac = HMAC_Create(rawHash, prk, prkLen, isFIPS);
                 if (hmac == NULL) {
                     crv = CKR_HOST_MEMORY;
                     break;
                 }
-                for (bi = 1; bi <= iterations; ++bi) {
+                if (n_bytes > sizeof(key_block)) {
+                    key_buf = PORT_Alloc(n_bytes);
+                    if (key_buf == NULL) {
+                        crv = CKR_HOST_MEMORY;
+                        break;
+                    }
+                    allocated_space = n_bytes;
+                }
+                for (bi = 1; bi <= iterations && bi > 0; ++bi) {
                     unsigned len;
                     HMAC_Begin(hmac);
                     if (bi > 1) {
-                        HMAC_Update(hmac, key_block + ((bi - 2) * hashLen), hashLen);
+                        HMAC_Update(hmac, key_buf + ((bi - 2) * hashLen), hashLen);
                     }
                     if (params->ulInfoLen != 0) {
                         HMAC_Update(hmac, params->pInfo, params->ulInfoLen);
                     }
                     HMAC_Update(hmac, &bi, 1);
-                    HMAC_Finish(hmac, key_block + ((bi - 1) * hashLen), &len,
+                    HMAC_Finish(hmac, key_buf + ((bi - 1) * hashLen), &len,
                                 hashLen);
                     PORT_Assert(len == hashLen);
                 }
                 HMAC_Destroy(hmac, PR_TRUE);
-                okm = key_block;
+                okm = key_buf;
             }
             /* key material = prk */
             crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize);
+            if (allocated_space) {
+                PORT_ZFree(key_buf, allocated_space);
+            }
             break;
         } /* end of CKM_NSS_HKDF_* */
 
         case CKM_NSS_JPAKE_ROUND2_SHA1:
             hashType = HASH_AlgSHA1;
             goto jpake2;
         case CKM_NSS_JPAKE_ROUND2_SHA256:
             hashType = HASH_AlgSHA256;
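Review bot: The new `PORT_Alloc` failure branch leaves the switch with `break` while `hmac` from `HMAC_Create` is still live, so the context, which was keyed with `prk`, is leaked and never cleared on that path. Adding `HMAC_Destroy(hmac, PR_TRUE);` ahead of `crv = CKR_HOST_MEMORY;` in that branch would close it. The results of `HMAC_Finish` are also only checked through `PORT_Assert(len == hashLen)`, which is a debug-build check, so a short or failed finish would go unnoticed in release builds. NSC_DeriveKey starts and ends outside the hunk, so any later clearing of `key_block` or `hashbuf` is not visible here.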
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -12,16 +12,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.46" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.46.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 46
-#define SOFTOKEN_VPATCH 0
+#define SOFTOKEN_VPATCH 1
 #define SOFTOKEN_VBUILD 0
 #define SOFTOKEN_BETA PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/softoken/tlsprf.c
+++ b/security/nss/lib/softoken/tlsprf.c
@@ -124,17 +124,17 @@ sftk_TLSPRFVerify(TLSPRFContext *cx,
     if (hashLen) {
         /* hashLen is non-zero when the user does a one-step verify.
         ** In this case, none of the data has been input yet.
         */
         sftk_TLSPRFHashUpdate(cx, hash, hashLen);
     }
     rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
     if (rv == SECSuccess) {
-        rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
+        rv = (SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen));
     }
     PORT_ZFree(tmp, sigLen);
     return rv;
 }
 
 static void
 sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
 {
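Review bot: On a mismatch the expression `1 - !NSS_SecureMemcmp(tmp, sig, sigLen)` evaluates to 1, which is neither `SECSuccess` (0) nor `SECFailure` (-1), so a caller that tests `rv == SECFailure` would not see a bad MAC as a failure. Writing it as `rv = (NSS_SecureMemcmp(tmp, sig, sigLen) == 0) ? SECSuccess : SECFailure;` matches the form this commit uses in pkcs11c.c and returns a named status. sftk_TLSPRFVerify begins outside the hunk, so how `tmp` is sized and allocated is not visible here.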
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.46"
+#define NSSUTIL_VERSION "3.46.1"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 46
-#define NSSUTIL_VPATCH 0
+#define NSSUTIL_VPATCH 1
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */