Bug 839141 - Upgrade Mozilla to NSS 3.14.3, r=wtc+bsmith, a=lsblakk
authorHonza Bambas <honzab.moz@firemni.cz>
Wed, 13 Mar 2013 20:08:02 +0100
changeset 132375 6324adcca5c1a44f49c14bbc93ff3ae10e2c8a2c
parent 132374 669a4b33fa4bad757d840b40e99b69132007d573
child 132376 e3987f396053e3b33bc1235f7445fd2db9e5d56f
push id2323
push userbbajaj@mozilla.com
push dateMon, 01 Apr 2013 19:47:02 +0000
reviewerswtc, lsblakk
bugs839141
milestone21.0a2
Bug 839141 - Upgrade Mozilla to NSS 3.14.3, r=wtc+bsmith, a=lsblakk
security/coreconf/coreconf.dep
security/nss/TAG-INFO
security/nss/TAG-INFO-CKBI
security/nss/cmd/certutil/certutil.c
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/hmacct.h
security/nss/lib/nss/nss.h
security/nss/lib/softoken/softkver.h
security/nss/lib/util/nssutil.h
security/nss/lib/util/pkcs11n.h
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@@ -1,1 +1,1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -308,17 +308,17 @@ CertReq(SECKEYPrivateKey *privk, SECKEYP
 	if (header) {
 	    char * trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER);
 	    if (trailer) {
 		PRUint32 headerLen = PL_strlen(header);
 		PRUint32 obufLen = PL_strlen(obuf);
 		PRUint32 trailerLen = PL_strlen(trailer);
 		SECITEM_AllocItem(NULL, result,
 				  headerLen + obufLen + trailerLen);
-		if (!result->data) {
+		if (result->data) {
 		    PORT_Memcpy(result->data, header, headerLen);
 		    PORT_Memcpy(result->data + headerLen, obuf, obufLen);
 		    PORT_Memcpy(result->data + headerLen + obufLen,
 				trailer, trailerLen);
 		}
 		PR_smprintf_free(trailer);
 	    }
 	    PR_smprintf_free(header);
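Review bot: With the test corrected to `if (result->data)`, a failed SECITEM_AllocItem (or a NULL `trailer` from PR_smprintf) now skips the copy, and nothing in the visible lines records the failure, so the request could be reported as produced while `result` is empty. The return value of SECITEM_AllocItem is also discarded; testing it directly, e.g. `if (SECITEM_AllocItem(NULL, result, headerLen + obufLen + trailerLen) == NULL) { /* set CertReq's failure status */ }`, would make the error path explicit. CertReq starts and ends outside this hunk, so the status may be handled further down and is worth confirming.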
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,15 +1,15 @@
 /*
  * crypto.h - public data structures and prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.50 2013/02/05 18:10:42 wtc%google.com Exp $ */
+/* $Id: blapi.h,v 1.51 2013/02/14 21:20:46 wtc%google.com Exp $ */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 
 #include "blapit.h"
 #include "hasht.h"
 #include "alghmac.h"
 
@@ -870,18 +870,18 @@ extern void MD5_Update(MD5Context *cx,
 **	"digestLen" where the digest length (16) is stored
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void MD5_End(MD5Context *cx, unsigned char *digest,
 		    unsigned int *digestLen, unsigned int maxDigestLen);
 
 /*
-** Export the raw state of the MD5 hash without appending the standard padding
-** and length bytes. Produce the digested results in "digest"
+** Export the current state of the MD5 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
 		       unsigned int *digestLen, unsigned int maxDigestLen);
@@ -1039,19 +1039,19 @@ extern void SHA1_Update(SHA1Context *cx,
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 
 /*
 ** Export the current state of the SHA-1 hash without appending the standard
-** padding and length. Produce the digested results in "digest"
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
-**	"digest" where the 16 bytes of digest data are stored
+**	"digest" where the 20 bytes of digest data are stored
 **	"digestLen" where the digest length (20) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
 			unsigned int *digestLen, unsigned int maxDigestLen);
 
 /*
@@ -1087,16 +1087,25 @@ extern void SHA1_Clone(SHA1Context *dest
 
 extern SHA224Context *SHA224_NewContext(void);
 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
 extern void SHA224_Begin(SHA224Context *cx);
 extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-224 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 28 bytes of digest data are stored
+**	"digestLen" where the digest length (28) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
 			      uint32 src_length);
 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
 extern void SHA224_TraceState(SHA224Context *cx);
 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
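Review bot: The comment added for SHA224_EndRaw (repeated for SHA256_EndRaw, SHA512_EndRaw and SHA384_EndRaw in the following hunks) does not warn that the bytes written are an unfinalized state and not a message digest of the input, which is what a caller choosing between _End and _EndRaw most needs to know. I would add a line such as `** The result is not a finished message digest; use SHA224_End for that.` The comment should also state what the caller must guarantee about "maxDigestLen", since the behaviour when it is smaller than 28 is not visible here. A blank line between the SHA224_End prototype and the new comment would match the MD5 and SHA-1 sections.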
@@ -1107,16 +1116,25 @@ extern void SHA224_Clone(SHA224Context *
 
 extern SHA256Context *SHA256_NewContext(void);
 extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
 extern void SHA256_Begin(SHA256Context *cx);
 extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-256 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 32 bytes of digest data are stored
+**	"digestLen" where the digest length (32) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
 			      uint32 src_length);
 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
 extern void SHA256_TraceState(SHA256Context *cx);
 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
@@ -1125,16 +1143,25 @@ extern void SHA256_Clone(SHA256Context *
 
 /******************************************/
 
 extern SHA512Context *SHA512_NewContext(void);
 extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
 extern void SHA512_Begin(SHA512Context *cx);
 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
+/*
+** Export the current state of the SHA-512 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 64 bytes of digest data are stored
+**	"digestLen" where the digest length (64) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
 			      uint32 src_length);
 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
 extern void SHA512_TraceState(SHA512Context *cx);
@@ -1147,16 +1174,25 @@ extern void SHA512_Clone(SHA512Context *
 
 extern SHA384Context *SHA384_NewContext(void);
 extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
 extern void SHA384_Begin(SHA384Context *cx);
 extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-384 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 48 bytes of digest data are stored
+**	"digestLen" where the digest length (48) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
 			      uint32 src_length);
 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
 extern void SHA384_TraceState(SHA384Context *cx);
 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
--- a/security/nss/lib/freebl/hmacct.h
+++ b/security/nss/lib/freebl/hmacct.h
@@ -1,14 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef _ALGHMACCT_H_
-#define _ALGHMACCT_H_
+#ifndef _HMACCT_H_
+#define _HMACCT_H_
 
 SEC_BEGIN_PROTOS
 
 extern SECStatus HMAC_ConstantTime(
     unsigned char *result,
     unsigned int *resultLen,
     unsigned int maxResultLen,
     const SECHashObject *hashObj,
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -1,15 +1,15 @@
 /*
  * NSS utility functions
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nss.h,v 1.103 2013/01/31 22:59:44 kaie%kuix.de Exp $ */
+/* $Id: nss.h,v 1.104 2013/02/14 19:16:13 kaie%kuix.de Exp $ */
 
 #ifndef __nss_h_
 #define __nss_h_
 
 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */
 #ifdef NSS_ENABLE_ECC
 #ifdef NSS_ECC_MORE_THAN_SUITE_B
 #define _NSS_ECC_STRING " Extended ECC"
@@ -29,22 +29,22 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   14
 #define NSS_VPATCH   3
 #define NSS_VBUILD   0
-#define NSS_BETA     PR_TRUE
+#define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
 
 /*
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   14
 #define SOFTOKEN_VPATCH   3
 #define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_TRUE
+#define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,22 +14,22 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.14.3.0 Beta"
+#define NSSUTIL_VERSION  "3.14.3.0"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   14
 #define NSSUTIL_VPATCH   3
 #define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_TRUE
+#define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
 extern const char *NSSUTIL_GetVersion(void);
 
--- a/security/nss/lib/util/pkcs11n.h
+++ b/security/nss/lib/util/pkcs11n.h
@@ -1,17 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _PKCS11N_H_
 #define _PKCS11N_H_
 
 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ $Date: 2013/02/07 01:29:19 $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.32 $ $Date: 2013/02/12 22:33:53 $";
 #endif /* DEBUG */
 
 /*
  * pkcs11n.h
  *
  * This file contains the NSS-specific type definitions for Cryptoki
  * (PKCS#11).
  */
@@ -190,16 +190,30 @@ static const char CKT_CVS_ID[] = "@(#) $
  * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 
  * to get a key with uniformly distributed bits.
  */
 #define CKM_NSS_JPAKE_FINAL_SHA1    (CKM_NSS + 15)
 #define CKM_NSS_JPAKE_FINAL_SHA256  (CKM_NSS + 16)
 #define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
 #define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)
 
+/* Constant-time MAC mechanisms:
+ *
+ * These operations verify a padded, MAC-then-encrypt block of data in
+ * constant-time. Because of the order of operations, the padding bytes are not
+ * protected by the MAC. However, disclosing the value of the padding bytes
+ * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
+ * as subtle as taking slightly less time to perform the MAC when the padding
+ * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
+ *
+ * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
+ *
+ * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
+ */
 #define CKM_NSS_HMAC_CONSTANT_TIME      (CKM_NSS + 19)
 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME  (CKM_NSS + 20)
 
 /*
  * HISTORICAL:
  * Do not attempt to use these. They are only used by NETSCAPE's internal
  * PKCS #11 interface. Most of these are place holders for other mechanism
  * and will change in the future.
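Review bot: The new comment says these mechanisms work "in constant-time" without saying with respect to which input, so a reader could take it to cover the whole record verification. The running time presumably still depends on the public total length, and comparing the computed MAC with the received one looks like the caller's job, though neither is visible in this hunk. After confirming against the softoken implementation, I would add something like `* The running time is independent of the padding length only; the caller must also compare the resulting MAC in constant time.`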
@@ -238,17 +252,25 @@ typedef struct CK_NSS_JPAKERound2Params 
     CK_NSS_JPAKEPublicValue gx4; /* in */
     CK_NSS_JPAKEPublicValue A;   /* out */
 } CK_NSS_JPAKERound2Params;
 
 typedef struct CK_NSS_JPAKEFinalParams {
     CK_NSS_JPAKEPublicValue B; /* in */
 } CK_NSS_JPAKEFinalParams;
 
-/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
+/* macAlg: the MAC algorithm to use. This determines the hash function used in
+ *     the HMAC/SSLv3 MAC calculations.
+ * ulBodyTotalLen: the total length of the data, including padding bytes and
+ *     padding length.
+ * pHeader: points to a block of data that contains additional data to
+ *     authenticate. For TLS this includes the sequence number etc. For SSLv3,
+ *     this also includes the initial padding bytes.
+ *
+ * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
  * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
  * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
  * unsigned int variable to represent the length in bits. This should not
  * be a problem because the SSL/TLS protocol limits the size of an SSL
  * record to something considerably less than 2^32 bytes.
  */
 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
     CK_MECHANISM_TYPE macAlg;   /* in */
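Review bot: The length limit in the NOTE is left to the caller and is described only as "much smaller than 2^32 / 8 bytes", which gives no value to check against. Since these lengths arrive as mechanism parameters, the limit should be enforced where they are consumed rather than assumed. The comment could give the exact bound and say that the softoken rejects larger values (for instance with CKR_MECHANISM_PARAM_INVALID), if it does; that code is not part of this hunk. The field list added above describes macAlg, ulBodyTotalLen and pHeader but not ulHeaderLen, which the NOTE relies on. The struct definition continues past the end of the hunk.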