Bug 1176097 - Update NSS to NSS_3_19_2_WITH_CKBI_1_98_BRANCH. a=sledru
authorRyan VanderMeulen <ryanvm@gmail.com>
Fri, 19 Jun 2015 13:11:10 -0400
changeset 201235 61bfd82996e47ab28b1174e67457755fe28c4f89
parent 201234 3290ae4fe9f3b46e55db675be02c4142169cdf43
child 201236 db38541b30d8f5c73d35898429be24a87b6ac7dd
push id292
push userryanvm@gmail.com
push dateFri, 19 Jun 2015 17:17:19 +0000
reviewerssledru
bugs1176097
milestone31.7.0
Bug 1176097 - Update NSS to NSS_3_19_2_WITH_CKBI_1_98_BRANCH. a=sledru
configure.in
security/nss/TAG-INFO
security/nss/cmd/certutil/certutil.c
security/nss/coreconf/coreconf.dep
security/nss/lib/freebl/blapit.h
security/nss/lib/nss/nss.h
security/nss/lib/softoken/softkver.h
security/nss/lib/ssl/dtlscon.c
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/util/nssutil.h
--- a/configure.in
+++ b/configure.in
@@ -3650,17 +3650,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.19.1, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.19.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_NATIVE_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS='-I$(LIBXUL_DIST)/include/nss'
 
    if test -z "$GNU_CC" -a "$OS_ARCH" = "WINNT"; then
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_19_1_WITH_CKBI_1_98_RTM
+NSS_3_19_2_WITH_CKBI_1_98_BRANCH
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2415,20 +2415,20 @@ certutil_main(int argc, char **argv, PRB
 {
     CERTCertDBHandle *certHandle;
     PK11SlotInfo *slot = NULL;
     CERTName *  subject         = 0;
     PRFileDesc *inFile          = PR_STDIN;
     PRFileDesc *outFile         = PR_STDOUT;
     SECItem     certReqDER      = { siBuffer, NULL, 0 };
     SECItem     certDER         = { siBuffer, NULL, 0 };
-    char *      slotname        = "internal";
-    char *      certPrefix      = "";
+    const char *slotname        = "internal";
+    const char *certPrefix      = "";
     char *      sourceDir       = "";
-    char *      srcCertPrefix   = "";
+    const char *srcCertPrefix   = "";
     char *      upgradeID        = "";
     char *      upgradeTokenName     = "";
     KeyType     keytype         = rsaKey;
     char *      name            = NULL;
     char *      email            = NULL;
     char *      keysource       = NULL;
     SECOidTag   hashAlgTag      = SEC_OID_UNKNOWN;
     int	        keysize	        = DEFAULT_KEY_BITS;
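Review bot: `sourceDir`, `upgradeID` and `upgradeTokenName` are still declared `char *` although they are initialised from string literals, so only three of the literal-initialised pointers in this declaration block gain the const protection. If their later uses allow it, declare them the same way, e.g. `const char *sourceDir = "";`. Those uses are in the part of certutil_main outside this hunk, so this is unverified.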
@@ -2529,17 +2529,17 @@ certutil_main(int argc, char **argv, PRB
 
     }
 
     /*  -h specify token name  */
     if (certutil.options[opt_TokenName].activated) {
 	if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
 	    slotname = NULL;
 	else
-	    slotname = PL_strdup(certutil.options[opt_TokenName].arg);
+	    slotname = certutil.options[opt_TokenName].arg;
     }
 
     /*  -Z hash type  */
     if (certutil.options[opt_Hash].activated) {
 	char * arg = certutil.options[opt_Hash].arg;
         hashAlgTag = SECU_StringToSignatureAlgTag(arg);
         if (hashAlgTag == SEC_OID_UNKNOWN) {
 	    PR_fprintf(PR_STDERR, "%s -Z:  %s is not a recognized type.\n",
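Review bot: The `-h` branch assigns `certutil.options[opt_TokenName].arg` to `slotname` without the NULL check that the `-P` and `--source-prefix` branches apply to their arguments. With the `PL_strdup` call gone, a NULL `arg` would leave `slotname` NULL, which the line above uses to mean "all" tokens. Whether `arg` can be NULL for an activated option is not visible here; if it can, mirror the other branches with `if (!certutil.options[opt_TokenName].arg) Usage(progName);` before the comparison. `slotname` now also aliases option storage instead of owning a copy, so nothing later may free it. certutil_main continues outside the hunk.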
@@ -2589,26 +2589,26 @@ certutil_main(int argc, char **argv, PRB
 	    return 255;
 	}
 	serialNumber = sn;
     }
 
     /*  -P certdb name prefix */
     if (certutil.options[opt_DBPrefix].activated) {
         if (certutil.options[opt_DBPrefix].arg) {
-            certPrefix = strdup(certutil.options[opt_DBPrefix].arg);
+            certPrefix = certutil.options[opt_DBPrefix].arg;
         } else {
             Usage(progName);
         }
     }
 
     /*  --source-prefix certdb name prefix */
     if (certutil.options[opt_SourcePrefix].activated) {
         if (certutil.options[opt_SourcePrefix].arg) {
-            srcCertPrefix = strdup(certutil.options[opt_SourcePrefix].arg);
+            srcCertPrefix = certutil.options[opt_SourcePrefix].arg;
         } else {
             Usage(progName);
         }
     }
 
     /*  -q PQG file or curve name */
     if (certutil.options[opt_PQGFile].activated) {
 #ifndef NSS_DISABLE_ECC
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -133,23 +133,20 @@ typedef int __BLAPI_DEPRECATED __attribu
 #define SEED_KEY_LENGTH 16              /* bytes */
 
 #define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
 
 /*
  * These values come from the initial key size limits from the PKCS #11
  * module. They may be arbitrarily adjusted to any value freebl supports.
  */
-#define RSA_MIN_MODULUS_BITS   512
+#define RSA_MIN_MODULUS_BITS   128
 #define RSA_MAX_MODULUS_BITS 16384
 #define RSA_MAX_EXPONENT_BITS   64
-/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
- * only 1023 bits and similar.  We don't have good data on whether this
- * happens because NSS used to count bit lengths incorrectly. */
-#define DH_MIN_P_BITS	      1023
+#define DH_MIN_P_BITS	       128
 #define DH_MAX_P_BITS        16384
 
 /*
  * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
  * distinct values for the length of P, and only one value for the
  * length of Q.
  * The algorithm uses a variable j to indicate which of the 9 lengths
  * of P is to be used.
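Review bot: With `RSA_MIN_MODULUS_BITS` and `DH_MIN_P_BITS` lowered to 128 here, and `DSA_MIN_P_BITS` to 512 in the next hunk of this file, these macros no longer describe an acceptable key size, but the comment above them does not say so. The 1023-bit floor now lives in `SSL_RSA_MIN_MODULUS_BITS`, `SSL_DH_MIN_P_BITS` and `SSL_DSA_MIN_P_BITS` in sslimpl.h, and the only uses shown in this commit are the two checks in ssl3con.c. Any other caller that still compares against the freebl macros (none are visible here) would now accept far smaller keys. I would add a comment such as `/* Lower bounds of what freebl will operate on, not a security policy; protocol code must enforce its own minimums. */` and audit the remaining users of the three macros.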
@@ -179,17 +176,17 @@ typedef int __BLAPI_DEPRECATED __attribu
  *      3072           256
  *
  * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
  * lengths as input and returns an error if they aren't in this list.
  */
 
 #define DSA1_Q_BITS      160
 #define DSA_MAX_P_BITS	3072
-#define DSA_MIN_P_BITS  1023
+#define DSA_MIN_P_BITS	 512
 #define DSA_MAX_Q_BITS   256
 #define DSA_MIN_Q_BITS   160
 
 #if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
 #error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
 #endif
 
 
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -28,20 +28,20 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.19.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.19.2" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   19
-#define NSS_VPATCH   1
+#define NSS_VPATCH   2
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.19.1" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.19.2" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   19
-#define SOFTOKEN_VPATCH   1
+#define SOFTOKEN_VPATCH   2
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -224,17 +224,17 @@ dtls_HandleHandshake(sslSocket *ss, sslB
         message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
         message_seq = (buf.buf[4] << 8) | buf.buf[5];
         fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
         fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
 
 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff   /* 128k - 1 */
         if (message_length > MAX_HANDSHAKE_MSG_LEN) {
             (void)ssl3_DecodeError(ss);
-            PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             return SECFailure;
         }
 #undef MAX_HANDSHAKE_MSG_LEN
 
         buf.buf += 12;
         buf.len -= 12;
 
         /* This fragment must be complete */
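Review bot: `MAX_HANDSHAKE_MSG_LEN` is defined and undefined locally around this check, and the same `#define`/`#undef` pair with the same value appears in ssl3_HandleHandshake in ssl3con.c. The two limits, and now the two error codes, therefore have to be kept in step by hand. Since this commit touches both sites, a single definition in sslimpl.h, `#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */`, would keep the TLS and DTLS length checks from drifting apart. dtls_HandleHandshake starts and continues outside this hunk.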
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6738,17 +6738,17 @@ ssl3_HandleServerKeyExchange(sslSocket *
         unsigned dh_g_bits;
         unsigned dh_Ys_bits;
 
     	rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
     	if (rv != SECSuccess) {
 	    goto loser;		/* malformed. */
 	}
         dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
-        if (dh_p_bits < DH_MIN_P_BITS) {
+        if (dh_p_bits < SSL_DH_MIN_P_BITS) {
 	    errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
 	    goto alert_loser;
 	}
     	rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
     	if (rv != SECSuccess) {
 	    goto loser;		/* malformed. */
 	}
         /* Abort if dh_g is 0, 1, or obviously too big. */
@@ -10045,25 +10045,25 @@ ssl3_AuthCertificate(sslSocket *ss)
 	ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
 	ss->sec.keaType       = ss->ssl3.hs.kea_def->exchKeyType;
 	if (pubKey) {
 	    KeyType pubKeyType;
 	    ss->sec.keaKeyBits = ss->sec.authKeyBits =
 		SECKEY_PublicKeyStrengthInBits(pubKey);
             pubKeyType = SECKEY_GetPublicKeyType(pubKey);
             /* Too small: not good enough. Send a fatal alert. */
-            /* TODO: Use 1023 for RSA because a higher RSA_MIN_MODULUS_BITS
-             * breaks export cipher suites, not 1024 to be conservative; when
-             * export removed, increase RSA_MIN_MODULUS_BITS and use that. */
             /* We aren't checking EC here on the understanding that we only
              * support curves we like, a decision that might need revisiting. */
             if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
-                  pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) ||
-                (pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) ||
-                (pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) {
+                  pubKeyType == rsaOaepKey) &&
+                  ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) ||
+                (pubKeyType == dsaKey &&
+                 ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) ||
+                (pubKeyType == dhKey &&
+                 ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) {
                 PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
                 (void)SSL3_SendAlert(ss, alert_fatal,
                                      ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
                                      ? insufficient_security
                                      : illegal_parameter);
                 SECKEY_DestroyPublicKey(pubKey);
                 return SECFailure;
             }
@@ -10993,17 +10993,17 @@ ssl3_HandleHandshake(sslSocket *ss, sslB
 	    else
 		ss->ssl3.hs.msg_len = (ss->ssl3.hs.msg_len << 8) + t;
 	    if (ss->ssl3.hs.header_bytes < 4)
 	    	continue;
 
 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff	/* 128k - 1 */
 	    if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
 		(void)ssl3_DecodeError(ss);
-		PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+		PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
 		return SECFailure;
 	    }
 #undef MAX_HANDSHAKE_MSG_LEN
 
 	    /* If msg_len is zero, be sure we fall through, 
 	    ** even if buf->len is zero. 
 	    */
 	    if (ss->ssl3.hs.msg_len > 0) 
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -148,16 +148,25 @@ typedef enum { SSLAppOpRead = 0,
 #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
 
 #ifndef BPB
 #define BPB 8 /* Bits Per Byte */
 #endif
 
 #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
 
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar.  We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DH_MIN_P_BITS 1023
+#define SSL_DSA_MIN_P_BITS 1023
+
 #define INITIAL_DTLS_TIMEOUT_MS   1000  /* Default value from RFC 4347 = 1s*/
 #define MAX_DTLS_TIMEOUT_MS      60000  /* 1 minute */
 #define DTLS_FINISHED_TIMER_MS  120000  /* Time to wait in FINISHED state */
 
 typedef struct sslBufferStr             sslBuffer;
 typedef struct sslConnectInfoStr        sslConnectInfo;
 typedef struct sslGatherStr             sslGather;
 typedef struct sslSecurityInfoStr       sslSecurityInfo;
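Review bot: The comment on `SSL_RSA_MIN_MODULUS_BITS` says only "Not 1024 to be conservative", which does not say what is being conserved, and `SSL_DSA_MIN_P_BITS` has no comment of its own. The TODO removed from ssl3_AuthCertificate in this commit carried more of the reasoning. Suggest something like `/* 1023 rather than 1024 so that keys one bit short of 1024 are still accepted. */` for RSA, assuming that is the intent, and a one-line comment that the DSA limit follows the DH one. It would also help to state that these are client-side floors for server keys, enforced independently of the much lower freebl limits in blapit.h.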
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.19.1"
+#define NSSUTIL_VERSION  "3.19.2"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   19
-#define NSSUTIL_VPATCH   1
+#define NSSUTIL_VPATCH   2
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */